BARCELONA, B, ES, 08028 CaixaBank is a financial group operating under a socially responsible universal banking model with a long-term vision, grounded in quality, proximity, and specialization. It delivers tailored product and service value propositions for each customer segment, embraces innovation as a strategic challenge and a defining trait of its culture, and leverages its leading position in retail banking in Spain and Portugal to play a key role in contributing to sustainable economic growth. What projects do we develop? The position is based at SSCC in Barcelona or Madrid. The Cybersecurity Audit team assesses the technological risk control environment (primarily security and availability) across CaixaBank and Group companies by reviewing risks, processes, and controls. KEY RESPONSIBILITIES FOR THIS POSITION: * Audit of technological risks associated with CaixaBank Group’s processes, applications, and infrastructures. This includes analysis of IT governance and strategy, as well as technical reviews of cybersecurity, availability, operations, and operational resilience controls implemented across existing Group systems and infrastructures (mainframe, midrange systems, endpoints, websites, apps, networks, databases, cloud services, etc.). * Compliance reviews against industry standards or regulations (ISO27001, ISO22301, GDPR, PSD2, PCI, SWIFT, DORA, etc.). * Reviews of significant security or IT infrastructure incidents causing severe service disruption or information confidentiality risk. * Reviews of physical security processes and controls (cash management, alarm systems, building access, etc.). * Monitoring of major Group technology projects and impact assessments of new technological regulations. * Participation in internal and external working groups aimed at enhancing the Audit function and sharing information with peers. * Execution of audit reviews covers the following steps: * Definition of review scope and objectives. * Development of the audit plan and work program according to the Audit Department’s methodology (aligned with the Institute of Internal Auditors’ standards). * Risk analysis of the process based on sound risk management practices. * Meetings with relevant process or system owners and review of existing documentation. * Identification of implemented controls and execution of assurance testing—including procedure reviews, data testing, and command/script execution on audited systems. * Identification of weaknesses and discussion thereof with responsible parties. * Preparation of the audit report and presentation of conclusions. * Escalation of conclusions to Management and Governance Bodies. * Follow-up and verification of proposed recommendations and action plans. Minimum Requirements * University degree, preferably in Computer Engineering, Telecommunications, Cybersecurity, or Artificial Intelligence. * Experience in IT architecture, cybersecurity, or technology departments. * Knowledge of protection, detection, and response strategies against cyberattacks, as well as application of AI-based models for cyber defense. * Knowledge of high-availability strategy design, capacity planning, storage, monitoring, and operation of infrastructures. * Experience managing Linux, Windows, mainframe, database, cloud architecture, microservices, network, or cybersecurity tooling systems. * Familiarity with data exploitation tools and scripting languages for extracting and analyzing system and infrastructure information. * Interpersonal and communication skills when engaging with audited units. * Proactive attitude, commitment, teamwork capability, and ability to manage external teams. * Analytical and systematic mindset for risk assessment and drawing value-added conclusions. * Ability to synthesize information and clearly articulate findings in reports and presentations. * Independent judgment, integrity, objectivity, and confidentiality. * Advanced English proficiency; international work experience is valued. OTHER FACTORS CONSIDERED: * Prior experience conducting audits—especially with prominent external audit firms (Big 4) or niche cybersecurity audit providers. * Knowledge of IT governance and security regulations and standards. * Official certifications in IT auditing, information security, or technology environment management (CISA, CISM, CISSP, CEH, etc.). What do we offer? * Opportunity to join the most innovative bank in Western Europe, as recognized by Global Finance magazine’s “The Innovators” awards. * Onboarding program and personalized mentoring to support your professional development. * Individualized training pathway with access to our online platform offering an extensive catalog of self-paced learning resources to foster continuous growth. * Comprehensive health insurance fully covered at no cost to you. You will also be enrolled in the Pension Plan, to which CaixaBank contributes toward your future. * Flexible compensation covering transportation, training, languages, childcare, and other areas. * Flexibility measures (remote work, flexible start times). * Top Employer certification recognizing us as one of the best companies to work for. Job profile Competencies **HARD SKILLS** AUDIT INTERNAL TOOLS, SYSTEMS, AND PROCESSES INFORMATION SECURITY CLOUD ENVIRONMENTS BANKING REGULATORY AND COMPLIANCE FRAMEWORKS RISK ASSESSMENT ANALYTICAL, SYNTHESIS, AND WRITING CAPABILITY SCRIPTING PROGRAMMING LANGUAGES SYSTEMS ENGINEERING CORPORATE GOVERNANCE AND INTERNAL CONTROL SYSTEMS AUDIT METHODOLOGY, TECHNIQUES, AND REGULATIONS FRAUD DETECTION, PREVENTION, AND ANALYSIS TECHNIQUES (AUDIT) PROCESS AUDITING BUSINESS MODELS ADVANCED BIG DATA ANALYSIS AND PROCESSING TASK AUTOMATION**SOFT SKILLS** ALLIANCES – COLLABORATION AND CROSS-FUNCTIONALITY ALLIANCES – COMMUNICATION ALLIANCES – INFLUENCE ALLIANCES – CLIENT ORIENTATION HUMANISM – COMMUNICATION AND EMPATHY HUMANISM – LEADERSHIP AND TEAM DEVELOPMENT / SELF-LEADERSHIP ANTICIPATION – ANTICIPATION AND CHANGE MANAGEMENT EMPOWERMENT – RESULTS ORIENTATION DIVERSITY – PROMOTING DIVERSITY