IT & Cyber GRC Senior Manager | S4 | CIO | Milton Keynes

Country: United Kingdom

IT STARTS HERE

Santander is evolving from a global, high-impact brand into a technology-driven organisation, and our people are at the heart of this journey. Together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible. This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference. Our mission is to contribute to help more people and businesses prosper. We embrace a strong risk culture and all our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

Santander Digital Services is the team of technology and operations at Santander. We are convinced of the importance of technology that is aligned with the requirements of the business and that our work not only brings value to users, people and communities but also fosters individual creativity. Our team of over 7,000 people in 8 countries develops and/or implements financial solutions across a broad spectrum of technologies on all kinds of on-premise and cloud-based platforms.

THE DIFFERENCE YOU MAKE

Santander UK is looking for an IT & Cyber GRC Specialist based out of Milton Keynes. We are seeking highly motivated and experienced IT & Cyber GRC Specialist (1LoD) to cover the UK working collaboratively with our global partnerships. The role holder within UK Technology and Operations will be responsible for providing expertise and leadership within the Governance, Risk and Compliance team, with a particular focus on compliance to technology and cyber risk, leading engagements over internal and external audits ensuring compliance to regulation including preparation for regulatory inspection.

The ideal candidate will have a successful track record in managing IT & Cyber risk, leading teams, senior management regime compliance, driving continuous improvement and evolving a strong risk culture. This role requires senior experience in NIST GRC practice, excellent leadership skills, and a passion for delivering outstanding customer service through strong risk culture.

To succeed in this role, you will be responsible for:

• Providing thought-leadership in Governance, Risk and Compliance best practice aligned to external frameworks.
• Leading 1LoD audit engagements, including our external audit relationship for Sarbanes Oxley testing.
• Leading and promoting a solid culture of risk awareness and control management.
• Developing and implementing control measures to maintain risk management practices in IT and Cyber for Financial Services while keeping up to date with industry best standards.
• Preparing reports for executive management, Board and regulatory bodies as required.
• Ensuring compliance to regulation, policy and company requirements within company appetite.
• Leading by example, fostering a culture of compliance which balances risk reduction through control effectiveness against the needs of the business and its customers.

WHAT YOU’LL BRING

Our people are our greatest strength. Every individual contributes unique perspectives that make us stronger as a team and as an organisation. We’re enabling teams to go beyond by valuing who they are and empowering what they bring. The following requirements represent the knowledge, skills, and abilities essential for success in this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Professional Experience

• Holding end-to-end accountability for audit delivery, ensuring audits progress in line with agreed plans, milestones are met, and management actions are remediated within agreed timeframes, with clear escalation of delays or control concerns to senior governance forums. (Required)
• Producing clear, executive-level reporting for senior stakeholders, articulating key risks, control deficiencies, root causes, and priority remediation actions in a concise and decision-focused manner. (Required)
• Proven experience managing relationships with internal and external auditors, business and technology/cyber stakeholders and leading large-scale assessment programmes. (Required)
• Delivery of insightful management information and reporting by leveraging data analytics and advanced analysis techniques to interrogate large and complex datasets, identifying trends, control weaknesses, or anomalies indicative of heightened technology risk. (Required)
• Supporting business in risk assessments of policy exception and waivers balancing commercial agility with risk exposure and control sustainability.
• Driving continuous improvement of IT & Cyber risk management by identifying opportunities arising from audit outcomes, regulatory expectations, and industry best practice, influencing stakeholders to implement sustainable control enhancements. (Required)
• In-depth knowledge and practical application of NIST GRC best practice. (Required)
• Excellent communication skills with stakeholders at all levels of the organisation, including technical and non-technical teams. (Required)
• Extensive Experience working in regulated industries and Tier 1 Banks, in particular leveraging technology standards, frameworks, compliance, and industry recognised best practice / standards. (Required)
• Experience with GRC tools and data analytics to enhance efficiency and insight. (Preferred)
• Professional certifications such as ISC2 Certified in Governance, Risk and Compliance (CRGC), ISACA Certified in Risk and Information System Control (CRISC) or OCEG GRC Professional (GRCP). (Preferred)
• Experience of building high performance teams. (Preferred)

Education

• Bachelor’s degree in computer science, Information Security, Information Technology, or a related field (Preferred)
• Master’s degree in a relevant discipline (Preferred)
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Risk Management Professional (CRMP), or Certified Internal Auditor (CIA) (Preferred)

Languages

• English (Required)
• Spanish (Preferred)

Hard Skills

• Strong understanding of IT & Cyber risk and control frameworks Risk and Control Self-Assessment (RCSA). (Required)
• Ability to interpret and apply regulatory requirements to IT environments (Required)
• Experience with audit processes and risk assessments (Required)
• Knowledge of cyber security principles and best practices (Preferred)

Soft Skills

• Excellent communication skills with stakeholders at all levels, including technical and non-technical teams (Required)
• Strong analytical and problem-solving skills (Required)
• Ability to influence and negotiate with stakeholders on risk acceptance decisions (Required)
• Leadership and team-building skills (Required)
• High attention to detail and accuracy (Required)
• Ability to work independently and as part of a team (Required)
• Adaptability and willingness to embrace change (Preferred)
• Strong organisational and time management skills (Preferred)

WE VALUE YOUR IMPACT

At Santander, your contribution matters. We recognise the difference you make every day, and we make sure you feel valued, supported and rewarded in return. Here, recognition goes beyond pay. It’s about the pride you feel in your work, the impact you have on customers and communities, and the opportunities you have to grow and thrive — personally and professionally.

30 days’ holiday plus bank holidays, which increases to 31 days after 5 years service, with the option to purchase up to 5 contractual days per year.

£6,000 car allowance per year.

Company funded individual private medical insurance.

Protection for you and your family, with company-funded death-in-service benefit and income protection insurance, and the option to take advantage of discounted rates for additional life assurance and critical illness cover.

Share in Santander’s success by saving or investing in our share plans.

As a Santander UK employee, you are able to request staff versions of our products like our Edge Current Accounts and Credit Cards with no fees, as well as apply to many other deals and discounts in Santander products and services.

Competitive rewards that reflect the real impact you make and the value you bring.

Wellbeing that goes beyond work — we work with a range of wellbeing partners across our 4 pillars of wellbeing (physical, mental, social and financial) to give you access to a suite of apps, discounted gym and fitness access, weekly online classes, flexible healthcare and mental health support.

Support for every life stage — from menopause and pregnancy to parenthood and beyond, with enhanced family leave, childcare options and tailored wellbeing support.

Time to give back through volunteering opportunities that let you make a difference in the communities we serve.

Global growth opportunities to shape your career, learn new skills and explore what’s possible across our international network.

Ready to be recognised? It starts with you.

LOCAL COMPLIANCE

At Santander, we’re proud to be an inclusive organisation that provides equal opportunities for everyone — regardless of age, gender, disability, civil status, race, religion or sexual orientation. We’re committed to creating a recruitment experience that’s accessible, fair and welcoming for all candidates. We want our people to thrive — at work and at home — while delivering the best outcomes for our customers and supporting each other to grow.

To make this possible, our roles are site-based with a hybrid working pattern, where colleagues are expected to attend the office at least 12 days per month (pro-rata for part-time roles). When applying, please consider the travel distance, time and cost to your chosen office location(s).

Right to work in the UK

Every individual must have the right to work in the UK to commence employment with Santander either by way of nationality, visa or work permit. If you do require a working visa/permit this will not influence our decision on whether to progress your application. However, if you do not have a right to work, or an application for a working visa/permit is unsuccessful, Santander will not proceed with your application and will withdraw any conditional offer previously made.

We welcome applications on the understanding that, should you be offered this role, there may be no relocation package available. Santander will pay the employer mandatory government fees that are required to pay in connection with visa sponsorship. You may be liable for your own personal employee immigration and relocation costs.

WHAT TO DO NEXT

If this sounds like a role you are interested in, then please apply. If there’s anything we can do in the recruitment process to help you achieve your best, get in touch. Whether it’s a copy of our application form in another format or additional assistance, we’re available through email. You can contact us at resourcing@santander.co.uk.