




Job Summary: We are seeking a Corporate CISO to lead the vision, strategy, and program for digital security and operational resilience, protecting information assets and ensuring regulatory compliance.

Key Highlights:

1. Lead the transformation and security culture within the company.
2. Responsible for strategy, governance, and operational security.
3. ICT risk management and regulatory compliance (DORA, ENS, ISO 27001).

**Description:**
----------------

Servinform is a solid and rapidly growing company with over 47 years of experience in technological and business solutions. We have more than 6,000 professionals operating across Spain, Portugal, Italy, and Colombia, specializing in sectors such as banking, insurance, energy, public administration, IT, and telecommunications.

We deliver BPO, call center, communications, sales, customer service, and digital marketing services to over 1,500 national and international clients. Furthermore, we operate under a Smart Business model, applying technology and artificial intelligence to achieve business objectives efficiently while keeping the human factor at the core.

We are currently looking to hire a Corporate CISO who will be the ultimate authority responsible for establishing and maintaining the vision, strategy, and program for digital security and operational resilience. Their mission is to ensure protection of the company’s and its customers’ information assets against threats, guaranteeing confidentiality, integrity, and availability of information. They must comply with all applicable legal, regulatory, and client expectations in this area.

They must inspire change and lead the company’s transformation:

* Lead cultural change to place security at the forefront of solution design, simultaneously safeguarding the company’s core values of innovation, flexibility, and agility in operations.
* Support the company’s geographic expansion into countries with differing regulatory frameworks.
* Participate in the company’s M&A initiatives.
* Adoption and integration of AI across 100% of organizational operations.

**Your Key Responsibilities Will Include:**

* **Security and Resilience Strategy and Governance:** Develop, implement, and maintain the global security policy and digital operational resilience program, aligned with business objectives and regulatory requirements for operation (ENS High, ISO 27k1, DORA). Design the security strategy. Communicate with senior management for approval and oversight of the strategy. Translate technical risk into business impact understandable by senior leadership, enabling informed decision-making and assuming high personal exposure and accountability for potential non-compliance.
* **Operational and Security-by-Design:** Integrate security throughout the entire system and project lifecycle. Lead implementation and maintenance of a comprehensive, documented ICT risk management framework based on continuous improvement (PDCA cycle). Conduct formal and periodic risk analyses using recognized methodologies (e.g., Magerit) to identify, assess, and mitigate vulnerabilities and threats. Coordinate with other company departments on security incident management.
* **Audits, Compliance, and Resilience Testing:** Ensure ongoing, demonstrable compliance with DORA, ENS, ISO 27001, and GDPR. Manage the audit program or design and supervise a resilience testing program, including vulnerability assessments and advanced threat-based penetration testing (Threat-Led Penetration Testing - TLPT). Actively participate in compliance committees.
* **Develop and implement continuous cybersecurity awareness and training programs for all personnel.**
* **Monitor and track security across the company’s various geographic regions.**

**What We Offer:**

* Permanent contract for a stable project with a consolidated position within our company.
* Consulting agreement.
* Competitive remuneration, commensurate with experience and expertise.
* Excellent working environment.
* Full-time, hybrid work arrangement.
* 24x7 availability for escalation handling related to security incidents.
* Location: Avda. de los Premios Nobel 37, Torrejón de Ardoz (Madrid).

**Requirements:**
---------------

**Education and Certifications**

* Academic Qualifications (Mandatory):
  * University degree in Computer Engineering, Telecommunications Engineering, or equivalent.
  * Postgraduate education (e.g., MBA) is a plus.
* Certifications (Mandatory and Desirable):
  * CCISO (Certified Chief Information Security Officer) (Desirable).
  * CISM (Certified Information Security Manager) (Desirable).
  * CISSP (Certified Information Systems Security Professional) (Valuable).
  * ISO 27001 Lead Auditor (Valuable).

**Required Experience**

* Minimum of >10 years of experience in cybersecurity.
* At least >5 years in a leadership or team management role in security within banking environments (banking experience is mandatory).
* Proven experience implementing, maintaining, and auditing an ISMS based on ISO 27001 and alignment with ENS (‘High’ category).
* Proven experience adapting to complex new regulatory frameworks, ideally DORA or similar (e.g., NIS2).
* Practical experience managing supply chain security, including drafting and auditing contractual clauses with ICT providers.
* Practical experience managing complex security incidents and directly interfacing with clients, auditors, and multiple regulatory authorities (e.g., Banco de España, AEPD, CCN-CERT).
* Practical experience coordinating with other company departments on security incident management.
* Experience in regulated environments handling large volumes of sensitive data (BPO, financial sector, insurance, etc.).

**Technical Skills:**

* Experience with security tools: SIEM, NGFW, WAF, IDS/IPS, EDR, and vulnerability analysis.
* Understanding of ethical hacking techniques and advanced testing methodologies.
* Solid knowledge of cloud security (AWS, Azure, Google Cloud).
* Expert-level knowledge of network security, operating systems (Windows/Linux), databases, and web applications.

**Competencies and Skills:**

* Leadership and Calm Under Pressure: Ability to effectively lead teams during a security crisis.
* Strategic Thinking and Holistic Risk Vision: Capability to align security with business objectives, proactively manage risks, and understand impact across the financial ecosystem.
* Communication and Negotiation Skills: Essential for explaining complex risks to senior management, negotiating resources, and reviewing contractual clauses with clients and suppliers.
* Analytical Ability and Attention to Detail: Fundamental for risk analysis and incident investigation.
* Integrity and Professional Ethics: Non-negotiable qualities for a role entrusted with the company’s most critical assets.
* Resilience and Stress Tolerance: Ability to operate effectively in a high-pressure, constantly evolving environment.


