Technology Risk, Governance & Controls Senior

About Open Digital Services

Open Digital Services is the software development company of Santander Group, dedicated to powering the next generation of banks by creating innovative banking products and implementing them in collaboration with Santander Group Affiliates.

Santander Group, one of the world's largest financial institutions and the Eurozone's leader, is committed to being the best Digital Bank with Branches. Our mission at ODS is to design and support an advanced digital and omnichannel platform, ensuring the best customer experience using cutting-edge technology. Openbank, our flagship partner, is where we develop our most advanced concepts first. Join our Best-in-Class team to create unique value for customers, tackling exciting tech challenges in an agile environment, benefiting from learning, growth, and local and international career opportunities in a modern, diverse setting.

Mission of the Role

The Technology Risk, Governance & Controls Senior in the Risk & Compliance team operates from a transversal second line of defence perspective. This role involves defining and monitoring technology KPIs and KRIs across countries, constructively challenging practices, identifying emerging risks early, and supporting technology teams in strengthening security, resilience, and regulatory compliance.

This position has a direct executive impact by enabling informed senior-management decisions, reinforcing regulatory confidence, and helping to scale digital products safely, consistently, and sustainably across all geographies.

Key Responsibilities

• Management and Monitoring of Technological and IT Risk Indicators (KPIs/KRIs) across countries: This includes defining and maintaining KPIs/KRIs, ongoing monitoring of indicator performance, analyzing deviations, critically reviewing reported information, effectively challenging teams to ensure data quality and consistency, identifying control weaknesses and relevant risks, escalating alerts, and supporting the definition and follow-up of action plans.
• Reporting to countries / subsidiaries: Developing periodic reports of metrics and KPIs, coordinating with local teams for information gathering and validation, and ensuring homogeneous criteria and aligned messaging at Group level.
• Application Management and Inventory: Maintaining the application inventory, conducting technical reviews of applications based on classification (criticality, confidentiality, RTO, RPO, data, etc.), verifying compliance with required controls based on application category (security, continuity, resilience, etc.), and following up on gaps and remediation actions.
• Technological Risk Management: Identifying, assessing, and monitoring technological risks, supporting IT areas in defining mitigation plans, and following up on action plans.
• Operational Risk: Managing IT risks within the Bank’s internal Operational Risk framework, supporting the identification of changes, root causes, and IT-related controls, and coordinating with Operational Risk teams.
• IT Control Framework Oversight: Assessing the adequacy and effectiveness of IT controls, identifying gaps and areas for improvement, and following up on action plans and supporting evidence.
• Interaction with Internal and External Audit: Supporting internal and external IT/technology audits and following up on findings and action plans.
• Governance and Awareness: Supporting training and awareness initiatives and promoting IT control best practices.
• Continuous Improvement and Automation: Proposing improvements to control and reporting processes and utilizing tools to automate indicators and reporting.
• Cross-functional Coordination: Coordinating with IT, Security, Continuity, Data, and Risk areas, and ensuring alignment with regulatory and corporate requirements.

What You'll Bring

• At least 4 years of experience in Technology Governance, Risk and Compliance (IT / Cyber GRC) within large, regulated, and international environments.
• Strong expertise in defining, overseeing, and challenging KRIs, risk metrics, and dashboards, ensuring data quality, consistency, and meaningful insight.
• Proven experience in senior-level reporting and oversight across multiple countries or entities, balancing local requirements with global standards.
• Solid background in governance models (1LoD / 2LoD), including control oversight, independent challenge, and coordination of testing activities.
• Demonstrated experience managing and maintaining technology/application inventories, including criticality, ownership, and risk attributes.
• Excellent stakeholder management and communication skills, with the ability to influence, escalate, and report effectively to senior management.

What We Offer

• Joining a dynamic and agile company undergoing international expansion.
• Working in start-up mode with the support of the Santander Group.
• Competitive remuneration and attractive benefits package.
• Possibility of growth within the company and the Group.
• Collaborating on international projects in different countries.
• Excellent work environment, social clubs, and frequent events.

Key skills/competency

• Technology Risk Management
• IT Governance
• Regulatory Compliance
• KRI/KPI Definition & Monitoring
• Application Inventory Management
• IT Control Frameworks
• Audit Support
• Stakeholder Management
• Data Quality Assurance
• Operational Risk