Global Detect Attack Surface Management Director

• Sep 2020 - Present

Global GRC Compliance & Control

• Aug 2018 - Sep 2020

Develop Global Cybersecurity policies for Santander Group.Develop Global Standards according to Global Policies.Support Santander entities with Audits and Examinations.Follow up cybersecurity recommendations and findings and support with their implementation.Ensure compliance with internal and external regulations in Santander Group.Support Santander entities with the remediation of Red Team exercises incidents. Develop Global Cybersecurity policies for Santander Group.Develop Global Standards according to Global Policies.Support Santander entities with Audits and Examinations.Follow up cybersecurity recommendations and findings and support with their implementation.Ensure compliance with internal and external regulations in Santander Group.Support Santander entities with the remediation of Red Team exercises incidents.

Global CISO

• Oct 2017 - Aug 2018

The Global CISO is responsible for defining the cybersecurity strategy for Santander Private Banking and leading Information Security functions globally for all Private Banking areas and processes. Describe the global requirements and approach to be protecting the confidentiality, integrity, and availability of Santander Private Banking information. Develops and implement Security initiatives to maintain Santander Private Banking information and infrastructure secure and to ensure compliance with security policies and regulations. Monitor all Santander Private Banking systems to detect malicious activity and respond in an effective way. Maintains Santander Private Banking globally compliance to all applicable regulations and manages the Internal /External auditing processes. Defines and generates KRIs to measure risks globally and continuous improvement. Globally develop and implement processes and procedures to comply with policies and regulations and to work efficiently in a Global way.Position Duties / Responsibilities:- Define the global cybersecurity strategy for Santander Private Banking.- Manage internal/external audits, control testing and regulatory exams.- Coordinate and perform the Global Risk assessments.- Investigate, evaluate and compare the different tools and solutions regarding security and IT in order to be proactive and incorporate them to the day to day operation.- Implement a global security threat intelligence procedure.- Ensure effective implementation of governance framework, cybersecurity and risk assessment program.- Define a global methodology for security monitoring and maintaining availability and integrity of information technology systems.- Unify procedures, good practices and tools globally in Santander Private Banking.- Promote a culture of high performance and continuous improvement that values learning and a commitment to quality and good banker’s practices.

IT Governance and Security Manager

• Jun 2015 - Aug 2018

Responsible for planning, developing and monitoring Security Architecture and Security Infrastructure, as well as IT Governance processes and procedures implementation. Describe the overall requirements and approach to be protecting the confidentiality, integrity, and availability of organizational sensitive information. Develops and implements technology initiatives within the organization while ensuring compliance to all security policies. Maintains IT compliance to all applicable regulations and manages the Internal /External auditing processes. Defines and generates KPIs to measure quality and continuous improvement. Ensure compliance with policies and regulations and establish/update IT processes. Internal/External Audit Process Management. Documentation of processes & audit reviews.- Security Architecture: Planning & development of IT security related matters.- Security Infrastructure services: Refers to the capabilities around running the equipment to maintain a secure operating requirement.- Assists in project support and ad-hoc support to IT in order to collaborate and coordinate on security related matters.- Identification of permissions or entitlements to be assigned to a role within an application or across applications.- Evaluation, testing and secure implementation of new/emerging technologies.- Due diligence activities and IT Risk assessment to ensure solutions to be implemented will meet Santander requirements.- Monitoring and evaluation to ensure security standards.- Define methodology for Monitoring and maintaining availability and integrity of information technology systems - Ensure proper execution of production activities and processes - IT Security: logical and physical- Participation in IT Architecture strategy definition & design- Storage and Backup strategy- IT Vendor Management- IT Business Continuity Plan / Disaster Recovery

Local Information Security Officer

• Nov 2014 - Jun 2015

As Assistant Vice President, I manage the Local Security Organization (LSO) for the International Private Banking Division, encompassing the business units in Miami Geneva and Nassau. I oversee the following key functions for the LSO:• Access Management: I promote, maintain and improve security levels; oversee implementation of information system access control and management framework; participate in defining processes for managing profiles and users.• Third Parties Management: I assess the impact of any new or acquired third-party services that affect security and manage indicators that apply to third parties.• Legal and Regulatory Compliance: I remain aware of and document all legal and regulatory obligations related to security; maintain appropriate contact with legal authorities; participate in information security audits; manage information security compliance and identify and manage local waivers for governance.• Training and Awareness: I encourage training and awareness actions; and analyze training initiatives to ensure they are effective.• Security Incidents: I participate in the incident management lifecycle an maintain statistical data related to security incidents.• Security Director Plan: I produce and manage the Security Director Plan.• Fraud Control and Mitigation: I participate in the internal and external fraud control and mitigation process relative to information security issues.• Risk Assessment and Implementation and Change Processes: I participate in the information security aspects of change management lifecycles whenever a new information system is implemented or an existing system is modified.• Security Governance Relationship Model: I serve as liaison for all security and technological risks matters and verify information security status and level for system implementations.• Business Continuity Plan: I maintain the Business Continuity Plan including coordination with affected business areas and Information Technology.

IT Auditor at Santander Group

• Jun 2007 - Nov 2014

A specialist in the core banking architecture of Santander Group (throughout Europe, the United States and South America). During this time I have performed the following kinds of audit and roles: - Technology Audits: IT Functions (Governance, Production, Development and Security), Internet and Phone Banking Services and Banking Applications / Processes. - Financial Audits: Basel II (Credit, Market and Operational Risk), Accounting Reconciliation, Accrued Interest Calculation, Generic and Specific Provision, Treasury. - Regulatory Audits: FED (US Federal Reserve), LOPD (Personal Data Protection, Spain), SOX (Sarbanes-Oxley). Supervision of a staff of auditing professionals and with responsibility for the direction and performance of internal audits of computer systems and architecture and related-operational procedures and models to determine the adequacy of the IT risk control structure and compliance with established IT policies and procedures.Elaboration of comprehensive reports detailing findings and setting out recommendations for minimizing the Bank’s IT risk exposure.Collaboration in the development of the audit policies, procedures and work programs to carry out IT audits.

Technological Consultant

• Jan 2006 - Jun 2007

Managed a team of IT experts to advising companies in our province (Albacete, Spain) in the implementation of IT solutions. This team visited companies and sent me the information obtained. I then prepared a report for the companies with our advice. Managed a team of IT experts to advising companies in our province (Albacete, Spain) in the implementation of IT solutions. This team visited companies and sent me the information obtained. I then prepared a report for the companies with our advice.

Research and Development Engineer

• Sep 2004 - Jan 2007

Coordination and management of R&D projects in the company Eurocopter in collaboration with University of Castilla la-Mancha.In these projects I managed a team of developers to implement a specific programming language to control the helicopter manufactured by the company. Also, we develop a compiler for this language.Coordination and management of R&D projects in the company RENFE in collaboration with University of Castilla la-Mancha.In these projects I managed a team of developers and mechanical engineers to develop an application to calculate the power that trains apply to the power cable.