Sr. Associate, Information Risk Management
Company: Santander Holdings USA Inc
Posted on: November 25, 2022
Sr. Associate, Information Risk ManagementCountry: United States
of AmericaWHAT YOU WILL BE DOINGThe Sr. Associate for Information
Risk Management is responsible for the strategic development,
implementation, and effective execution of activities in the
Information Risk Management (IRM) program. The key program elements
of which cover include internal loss, external loss, risk
assessment, business impact assessments, KRIs, scenario analysis /
stress testing, awareness, and communication, issues and
remediation planning, tracking, MIS and reporting, testing,
compliance, and monitoring.Essential Functions:
- Analyzes, measures performance, monitors trends, defines limits
according for Santander Consumer USA IRM Risk exposures in
accordance to Risk Appetite.
- Assist in the ongoing oversight of IRM as part of the
established Information Risk (IR) Framework in support of the first
line of defense.
- Contributes to escalation, reporting, communication to Risk
- Helps drive culture of risk awareness.
- Supports the creation, management, and development of IRM
program strategy, policies and models within the Santander Consumer
USA to reduce risk for technology operations and Information and
- Education -
- Bachelor's Degree: Business, Finance, Management, or equivalent
- or equivalent work experience
- Experience -
- 8+ years Risk Management or Governance, Risk and Compliance
- 8+ years combined in Information Technology, Cyber or
- 3-6 years Financial Services industry
- Primary Skills -
- IT Asset Inventory and CMDB
- Network Security incl. Firewall and Segmentation
- Incident & Change Management
- Technology Architecture
- Basic Technology Risk requirements -
- Review and analysis of security-related configuration and
hardening standards for Windows, ESX, and RedHat servers, Windows
laptops/desktops, SQL Server database and network technologies
within the enterprise. -
- Reviewing configuration and policies of Information Security
Scanning Tools covering operating systems and databases. -
- Review and challenge compliance metrics published by
corporate-wide audience and prepare conclusions for review by ORM
(Operational Risk Management) and senior management.
- Review and verify compliance with Information Security related
standards and process documentation (e.g. End User Computing and
- Supporting internal and external audit exercises.
- Regulatory Knowledge: - Gramm-Leach Bliley Act (GLBA),
Sarbanes-Oxley (SOX), OCC Heightened Standards, FFIEC Guidelines,
- General Skills & Abilities -
- Strong operational risk management principles, methodologies
and tools, governance principles and activity preferably in a
financial services technology environment.
- Ability to independently operate in a complex, matrixed
environment; adept at delivering and maintaining productive working
relationships across business, functions, geographies and lines of
- Advanced technology or operational risk, process, and control
validation and/or assessment skills.
- Ability to handle conflict resolution with other groups to
ensure appropriate accounting guidance is followed.
- Ability to adjust to new developments/changing
- Ability to convey a sense of urgency and drive issues/projects
- Ability to effectively interact with the market, executive
management and vendors.
- Ability to adapt and adjust to multiple demands and competing
- Excellent written and oral communication skills.
- Excellent analytical, organizational and project management
- Strong project management skills.
- Preferred general technical Skills -A general understanding,
working or auditing knowledge for majority of areas listed is
preferred:Microsoft Windows, Red Hat Linux, IBM AIX, IBM
Mainframe/Midrange, VMWare ESXi, LAN/WAN/MAN Networking, Firewall
Technologies, Intrusion Detection/Prevention Systems (IDP/IPS),
Security Information and Event Management (SIEM), Cloud Computing,
Web Proxies, SQL/Oracle/DB2 Database Technologies, Storage Area
Networks (SAN) and Network Attached Storage (NAS), Email Systems,
End-User Computing, Web Servers
- Preferred Certification -
- CISSP (ISC2), CISM (ISACA), GIAC (SANS) CRM, CISA (ISACA),
CRISC (ISACA), IT Risk Fundamentals (ISACA), Certified business
Continuity Professional (CBCP, issued by the DRI), AWS or Azure
Cloud Security CertificationSantander is an equal opportunity
employer. All qualified applicants will receive consideration for
employment without regard to race, color, religion, sex, sexual
orientation, gender identity, national origin, genetics,
disability, age, veteran status or any other characteristic
protected by law.Employer Rights: Employer Rights:This job
description does not list all of the job duties of the job. You may
be asked by your supervisors or managers to perform other duties.
You may be evaluated in part based upon your performance of the
tasks listed in this job description. The employer has the right to
revise this job description at any time. This job description is
not a contract for employment and either you or the employer may
terminate at any time for any reason.
Primary Location: -Dallas, Texas, United States of America
Organization: -Santander Consumer USA Inc.
Keywords: Santander Holdings USA Inc, Homestead , Sr. Associate, Information Risk Management, Executive , Miami, Florida
Didn't find what you're looking for? Search again!