Director, Information Security Risk & Control Lead
Madison Ave Corp
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair. The Information Security Governance, Risk and Compliance (GRC) function is an integrated component of the Santander US Information Security Program.
As part of the Technology Information Security GRC Team this role will report to the Head of Information Security GRC. The Director, Information Security GRC, will play a key role in the GRC team driving strategic initiatives alongside maintaining operational excellence of existing processes.
Specifically, this role will be responsible for the following:
- Proactively identify, assess and manage information security risks. Provide guidance and advice on remediation activities and oversee implementation to ensure timely remediation.
- Ensure timely registration of Information Security issues/findings in the Corporate Governance Risk and Compliance tool. Ensure that issues/findings are appropriately mapped to risks and controls.
- Execute and maintain quarterly Control Maturity Assessment and annual Cyber Risk Assessment reporting for the Information Security Committee.
- Maintain Control Maturity Score and Control Suite Effectiveness metric within expected annual objective by proactively tracking remediation, identification of control improvements and appropriate documentation/evidence.
- Collaborate with the testers in the semi-annual control testing by coordinating and facilitating the Information Security process and control assessment through evidence collection and appropriate documentation of existing processes.
- Provide Information Security Risk Management guidance and support to the Information Security leads and operational teams e.g.: Cyber Operations, Identity and Access Management, Security Architects, etc.
- Build partnership and collaboration with the different areas involved in risk management across the organization e.g.: Second Line of Defense Operational and Information Risk Management teams, Business Control Office, Business Information Security Office, etc.
- Build partnership and integrate into governance routines for Santander Global CISO initiatives within the Information Security Risk domain.
- Perform risk aggregation and risk analysis to identify top risks and areas of focus/improvement for prioritization.
- Manage key strategic initiatives relating to Third Party Risk Management (TPRM) in relation to information security requirements. This includes evaluating TPRM controls and processes on the vendor side, defining the appropriate evidence of compliance, and evaluating SOC 2 reports when needed.
- Work with Legal to evaluate and define contractual clauses. Keep Data Security Exhibit clauses up to date and aligned with industry best practices and Santander standards.
- Manage and coach a team of five internal team members, and influence others to achieve risk management goals.
Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education:
Bachelor's degree in Computer Science or an equivalent field, or equivalent work experience.
Work Experience:
8+ years' experience in information security, along with related financial institution experience.
8+ years' experience with technologies/platforms that enable log collection, event correlation, encryption, key and certificate management, etc. Pref
Required Skills (Experience: 5+ years managing teams, 8+ years in information security):
- Demonstrated experience working with key Information Security frameworks including NIST, FFIEC CAT, CIS Control library, etc.
- Proactive approach to problem solving, with experience in identifying areas for improvement and determining and implementing solutions.
- Knowledge of technologies and technology-based solutions that address information security issues, and the ability to apply them to protect information across the organization.
- Knowledge of the tools, techniques, approaches and processes of cybersecurity risk management, and the ability to keep the organization's network operating while minimizing the impact of cybersecurity risks.
- Understanding of the importance of inter-team collaboration in breaking down silos and achieving business results; ability to lead employees from various functions to communicate, coordinate work across divisions, and collaborate in solving problems as one team.
- Understanding of the importance of "big picture" thinking and planning and ability to apply organizational acumen to identify and maintain focus on key success factors for the organization.
- Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
- Ability to maintain and implement best practices within information security.
- Ability to drive execution of goals through effective planning, prioritization, resource management and follow-through.
- Ability to manage multiple ongoing initiatives.
Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
Working Conditions: Frequent minimal physical effort such as sitting, standing and walking. Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds and able to bend, kneel and climb ladders.
Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Base Pay Range
Minimum: $131,250.00 USD
Maximum: $215,000.00 USD