




Job Summary: We are seeking a Corporate CISO to lead the digital security and resilience strategy, protect information assets, and ensure regulatory compliance within an expanding environment.

Key Highlights:

1. Lead the vision, strategy, and program for digital security and resilience.
2. Ensure protection of information assets and regulatory compliance.
3. Promote cultural change and integration of AI into operations.

**Description:**
----------------

Servinform is a solid and rapidly growing company with over 47 years of experience in technology and business solutions. We employ over 6,000 professionals across Spain, Portugal, Italy, and Colombia, specializing in sectors such as banking, insurance, energy, public administration, IT, and telecommunications. We deliver BPO, call center, communications, sales, customer service, and digital marketing services to more than 1,500 national and international clients. Furthermore, we operate under a Smart Business model, applying technology and artificial intelligence to achieve business objectives efficiently while keeping the human factor central.

We are currently seeking to hire a Corporate CISO who will be ultimately responsible for establishing and maintaining the vision, strategy, and program for digital operational security and resilience. Their mission is to guarantee the protection of the company’s and its customers’ information assets against threats, ensuring confidentiality, integrity, and availability of information. They must comply with all applicable legal and regulatory requirements and meet client expectations in this area.

They must inspire change and lead the company’s transformation:

* Lead cultural change to place security at the core of solution design, while simultaneously upholding the company’s values of innovation, flexibility, and operational agility.
* Support the company’s geographic expansion into various countries with differing regulatory frameworks, as well as the company’s M&A initiatives.
* Adoption and integration of AI across 100% of the organization’s operations.

**Your Key Responsibilities Will Include:**

* **Security and Resilience Strategy and Governance:** Develop, implement, and maintain the global security policy and digital operational resilience program, aligned with business objectives and regulatory requirements for operation (ENS High, ISO 27001, DORA). Design the security strategy. Communicate with senior management for approval and oversight of the strategy. Translate technical risk into business impact understandable to senior leadership, enabling informed decision-making and assuming high personal exposure and accountability for potential non-compliance.
* **Operational and Security-by-Design:** Integrate security throughout the entire system and project lifecycle. Lead the implementation and maintenance of a comprehensive, documented ICT risk management framework based on continuous improvement (PDCA cycle). Conduct formal and periodic risk analyses using recognized methodologies (e.g., Magerit) to identify, assess, and mitigate vulnerabilities and threats. Coordinate with other company departments in security incident management.
* **Auditing, Compliance, and Resilience Testing:** Ensure continuous and demonstrable compliance with DORA, ENS, ISO 27001, and GDPR. Manage the audit program or design and supervise a resilience testing program, including vulnerability analysis and advanced threat-based penetration testing (Threat-Led Penetration Testing – TLPT). Actively participate in compliance committees.
* **Develop and implement ongoing cybersecurity training and awareness programs for all personnel.**
* **Monitor and track security across the company’s various geographic regions.**

**What We Offer:**

* Permanent contract for a stable project with a consolidated position within our company.
* Consulting agreement.
* Competitive remuneration, commensurate with experience and expertise.
* Excellent working environment.
* Full-time, hybrid work arrangement.
* 24x7 availability for escalation handling related to security incidents.
* Location: Avda. de los Premios Nobel 37, Torrejón de Ardoz (Madrid).

**Requirements:**
---------------

**Education and Certifications**

* Academic Qualifications (Mandatory):
  * University degree in Computer Engineering, Telecommunications Engineering, or equivalent.
  * Postgraduate MBA or similar qualification is a plus.
* Certifications (Mandatory and Desirable):
  * CCISO (Certified Chief Information Security Officer) (Desirable).
  * CISM (Certified Information Security Manager) (Desirable).
  * CISSP (Certified Information Systems Security Professional) (Valuable).
  * Lead Auditor for ISO 27001 (Valuable).

**Required Experience**

* Minimum of >10 years’ experience in cybersecurity.
* At least >5 years in a leadership or team management role for security teams within banking environments (banking experience is mandatory).
* Demonstrable experience in implementing, maintaining, and auditing an ISMS based on ISO 27001 and alignment with ENS (‘High’ category).
* Demonstrable experience adapting to complex new regulatory frameworks, ideally DORA or similar (e.g., NIS2).
* Practical experience managing supply chain security, including drafting and auditing contractual clauses with ICT providers.
* Practical experience managing complex security incidents and direct interaction with clients, auditors, and multiple regulatory authorities (e.g., Bank of Spain, Spanish Data Protection Agency (AEPD), National Cryptologic Center–National Cybersecurity Institute (CCN-CERT)).
* Practical experience, coordinated with other company departments, in managing security incidents.
* Experience in regulated environments handling large volumes of sensitive data (BPO, financial sector, insurance, etc.).

**Technical Skills:**

* Experience with security tools: SIEM, NGFW, WAF, IDS/IPS, EDR, and vulnerability analysis.
* Understanding of ethical hacking techniques and advanced testing methodologies.
* Solid knowledge of cloud security (AWS, Azure, Google Cloud).
* Expert knowledge of network, operating system (Windows/Linux), database, and web application security.

**Competencies and Skills:**

* Leadership and Composure Under Pressure: Ability to effectively lead teams during security crises.
* Strategic Thinking and Holistic Risk Vision: Capability to align security with business objectives, proactively manage risks, and understand impact across the financial ecosystem.
* Communication and Negotiation Skills: Essential for explaining complex risks to senior management, negotiating resources, and reviewing contractual clauses with clients and suppliers.
* Analytical Ability and Attention to Detail: Fundamental for risk analysis and incident investigation.
* Integrity and Professional Ethics: Non-negotiable qualities for a role safeguarding the enterprise’s most critical assets.
* Resilience and Stress Management: Ability to operate effectively in a high-pressure, constantly evolving environment.


