Banco Sabadell
Sabadell Overview
Sabadell is a global financial institution headquartered in Barcelona, Spain and one of Europe's oldest and most successful banking groups since its founding in 1881. Sabadell covers all areas of the financial business sector under a common denominator: professional performance and quality. In the United States, Sabadell has operated with an International Full Branch since 1993. We offer Corporate Banking services to international companies in the American market, and Private Banking services primarily to Latin American high net worth individuals and families.
Responsibilities
Regulatory Governance & CISO Support
- Serve as primary drafter for all regulatory submissions (DORA, GLBA, ECB)
- Support preparation of quarterly ITOOC materials and CISO briefing packages such as GIOC, IT Interlock
- Maintain enterprise security policies aligned to NIST CSF
- Support development of CISO roadmap documents for 3Y planning

Audit & Examination Leadership
- Act as single point of contact for all audits (internal/external)
- Coordinate evidence collection across IT, Legal, and Business Units
- Draft management responses to findings (Must Fix List items)
- Track remediation to closure via GRC dashboards

Risk Intelligence & Reporting
- Own the Cyber KRI program: collect, analyze and report to GIOC (monthly), ITOOC (quarterly) and Regulators (as required)
- Maintain control mappings between different standards and frameworks (e.g., GLBA - HO Risk Taxonomy, ISO 27001 to NIST)

CISO Development Program
Rotational assignments:
- Q1: Shadow CISO in HO engagements
- Q2: Lead mock regulatory examination
- Q3: Draft Board-level risk report
- Q4: Support CISO by presenting as a CISO deputy at the GIOC meeting

Vendor Risk Assessment & Validation
- Conduct security risk validations for all IT Critical Vendors
- Maintain vendor risk register tracking: control gaps (NIST 800-53), remediation timelines, contractual security requirements
- Perform annual vendor reassessments aligned to FFIEC Third-Party Guidance

Requirements
- Bachelor's degree in Cybersecurity, Risk Management, or related field and College Degree required
- 3-5 years in GRC, audit, or risk management (financial sector preferred)
- CRISC, CISA, or ISO 27001 LA desirable
- Regulatory Frameworks: NYDFS 500, GLBA, FFIEC CAT, NIST CSF, NIST 800-53
- Tools: ServiceNow GRC, Smartsheet, Qualys
- Reporting: KRI/KPI dashboards, regulatory submissions
Sabadell is an Equal Employment Opportunity