Mission

Serve as a delivery SME for forensics and investigations in Global Cyber Respond. Bringing traditional investigative skills, legal knowledge and business orientation to the task of overseeing DFIR/eDiscovery investigations. Bring litigation and/or law enforcement investigative experience to shape and grow the digital crime investigations capability within Grupo Santander.

Functions

• Onboard and effectively priorities cyber and digital investigations coming from a variety of internal stakeholders. Build the case structure that DFIR analysts will need to substantiate with evidence, and lead the case construction through to the best evidentiary standard.
• Establish a strong working relationship with Legal, Labor Relations and Compliance in order to build and improve Santander’s global forensic framework, and create an effective and sustainable workflow between Global Cyber Respond and stakeholders throughout the bank.
• Working in partnership with the Security & Intelligence Department, establish a strong relationship with law enforcement and ensure investigations are dynamically actioned with law enforcement, where appropriate.
• Assist entities in their litigation efforts in an expert witness capacity.
• Coordinate with local resources to set up acquisition and preservation procedures according to local law and entity specific policy.
• Design and implement the roadmap for growing a digital crimes capability within Global Cyber Respond, including operating model, thresholds and workflow management.
• Provide guidance, mentoring and leadership to members of the department on law enforcement and/or litigation matters.

Requirements

Education
ECRIME/CYBERSEC POST-GRAUDATE CREDENTIALS (MASTERS, CERTIFICATIONS, ETC..)

Competencies

• Knowledge of the Spanish regulatory environment as it relates to eCrime or any of the key LATAM markets (MX, BR)
• Documentation and written expression in English and Spanish.
• Ability to influence and lead cross-functional teams in an environment of competing interests and limited resources.
• IM skills – familiarity with a SOC – IM workflow. Ability to liaise with DFIR specialists and convey business needs that should be enabled.
• Need-to-know, ability to identify and pursue leads proportionally, ability to recognize the outcome desired by the business, and balance it with the investigation integrity. Ability to quickly gauge which cases should be prioritized from a business perspective.

Languages
English Advanced

Experience

• 5+ years Legal background and/or experience in law enforcement investigations, ideally working on matters related to cyber-crime, information security or data privacy.
• eCrime case creation or management (as a prosecutor or a litigator) and/or cyber-investigator for a law enforcement body/auditor.
• Demonstrable experience building or managing cases based on a sound evidentiary body for public or private enterprise.
• Experience in the financial/banking industry, gauging regulatory reporting obligations and interacting with regulatory bodies and law enforcement, desirable.
• Experience dealing with insider investigations in accordance with GDPR and local regulation, in an environment where several stakeholders from across the organization come together to provide effective response, desirable.