Sr. Business Continuity and Information Risk Associate

Brickell Plaza-Corp, United States

Santander

Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.


Country: United States of America

Position Summary:

The Sr. Business Continuity and Technology Risk Associate is responsible for ongoing oversight, assessment, management and reporting of technology and cybersecurity risks across Banco Santander International (BSI). This role is established in the second line of defense and requires collaboration across IT, CISO, Data Office, Operational Risk, Internal Audit and other relevant functional stakeholders within the organization in the management of technology risks. An excellent understanding of the evolving regulatory landscape in the US and EU is vital for success in this role.

The day-to-day focus may vary depending on the requirements of the overall second line of defense program priorities directed by the Chief Operational Risk Officer and may include: planned or ad-hoc technical risk reviews, technical review of IT and security architectures, review and challenge activities of IT or Business initiatives, risk reporting, development as well as review and challenge of technical risk framework and methodologies.

The Sr. Business Continuity and Technology Risk Associate reports to the Chief Operational Risk Officer.

Position Duties / Responsibilities:

Program Development
• Direct the development and execution of projects for Banco Santander International (BSI) covering Business Continuity Management (BCM) and Technology Risk Management (TRM) that comply with applicable regulations, and identify milestones and compliance dates.
• Report and monitor conformance and delivery against project plans, making adjustments and recommendations, where justified.
• Drive culture of Technology Risk and Business Continuity Risk awareness and deliver required training.
• Direct risk measurement and monitoring processes and communicate results, recommendations and escalations to the BSI Chief Operational Risk Officer (CORO).
• Assess and communicate Technology and Business Continuity risk associated with all material activities/projects of the company.
• Act as liaison with group, holding company and entity counterparts for identification of best practices, standards, policy and program updates for TRM and BCM.
• Communicate to BSI CORO significant developments in the maturity of the Business Continuity Management and Technology Risk Management Program and Framework.
• Perform independent review and challenge with first line of defense (1LoD) and address risk and control self-assessment (RCSA) outputs for technology infrastructure.
• Support the development and implementation of the Technology Risk and Business Continuity Risk program strategy, policies and models.
• Prepare, summarize and report updates of technology risk management (TRM) risk drivers and business continuity management activities (BCM) to CORO and applicable stakeholders.
• Support implementation at the operating units by serving as Business Continuity risk management and TRM subject matter expert.
• Interact with other Risk Managers and department heads.

Compliance
• Coordinate with the first line of defense to implement the new and existing regulatory standards regarding governance, the Technology and Business Continuity Risk Management Framework and related policies and procedures.
• Lead in the execution and review of concluded risk assessments, attestations and perform IT compliance control testing review and challenge.
• Create and report auditable measurements, remediation of findings and report recommended course of action to the BSI CORO, on a routine basis, for all matters related to TRM and BCM.
• Maintain regulatory compliance and credibility with regulators at the Federal Reserve Board, with respect to Business Continuity risk management and Technology risk issues.
• Facilitate effective regulatory examinations and audit reviews when required.
• Oversee the review of reports and updates from GDPR, SOX, FFIEC, OCC, GLBA and Group for Operational Risk Management effectiveness in support of the BSI CORO and alignment of objectives.
• Prepare and provide reports and evidentiary support for internal and external auditors, regulators and the bank’s management.
• Liaise with Banco Santander International (BSI) headquarters to ensure corporate Business Continuity and Technology Risk Management requirements are being met.
• Build relationships and communication channels with compliance community including internal and external auditors, departments and managers.
• Provide functional and analytical support for the bank’s Governance Risk and Compliance and BCM tools and applications.

Business Continuity Management
• Coordinate with the first line of defense to implement the new and existing regulatory standards regarding governance, the Technology Risk and Business Continuity Risk Management (BCM) Frameworks and related policies and procedures.
• Manage complex and changing business contingency planning and scenarios in support of 1LoD and 2LoD operational effectiveness and BSI CORO oversight.
• Support BCM program deliverables for both short and long-term objectives and report BCM program results to the BSI CORO on a monthly basis.
• Oversee the implementation of the Business Continuity Management (BCM) Program and related risk analytical activities for BSI in a manner that is consistent with applicable regulatory requirements.
• Review and report risk and control activities within BCM including oversight of plan review and approval.
• Coordinate and oversee BCM testing schedule, cyber resiliency program, scenarios and exercises.
• Provide analysis for Business Impact Analysis (BIA) reporting, business impact criticality and cyber resiliency programs and activities.
• Facilitate effective regulatory examinations and audit reviews when required.
• Provide routine communication on the business continuity strategy and operational resilience reports to BCM program stakeholders and submit timely recommendations to the BSI CORO.
• Submit audit documents and evidentiary support to auditors and regulators within time intervals.
• Prepare and submit the bank’s Annual BCM Summary report for BSI CORO review and approval.

Technology Risk Management
• Act as the second line of defense subject matter expert on technology risk management.
• Identify and assess technology risks, ensure awareness and accountability for their management.
• Design and execute independent testing and assurance of technical domains.
• Participate in the independent and ongoing risk oversight of key technology components of the firm’s business and strategy initiatives.
• Participate in evaluation of new products / business changes / projects and assess related technology risks and impact to the technology risk profile.
• Participate in the evaluation and management of risks related to third-party suppliers involved in technology projects.
• Perform review and challenge of first line of defense risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances, etc.).
• Analyze Technology risk data from various sources (e.g. external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends and patterns; drive automation, risk analytics & aggregation and risk visualization.
• Support process for constructive engagement across the Lines of Defense regarding risk appetite, risk metric determination or evaluation, issue management and action plans.
• Advise on remediation of regulatory findings, correct any inconsistencies and monitor resolution.
• Prepare information to enable governance committees / working groups in the management oversight of technology risks.
• Initiate timely escalations to Chief Operational Risk Officer (CORO) and the Technology Risk leadership team.
• Work across the lines of defense to recommend strategies that effectively treat risks within the risk appetite.
• Maintain good communication with the Chief Information Security Officer (CISO) and prepare feedback to the BSI Chief Operational Risk Officer (CORO) on enhancing the protection and resilience of the bank’s systems and operations.

• Other duties as assigned or requested by immediate supervisor.

Education:

Bachelor’s degree required; Master’s degree preferred or equivalent experience

Business Experience:

6 - 8 years of relevant experience or demonstrated required level of proficiency

Specialized and/or Technical Knowledge:

• Practitioner experience in Technology or Cybersecurity risk management with an ability to lead technical risk assessments, identify and assess risks, document findings and opinions, and develop risk reporting.
• Good understanding of regulatory requirements (e.g. FFIEC, FDIC, OCC requirements) and industry frameworks and practices (e.g. COBIT, ITIL, ISO, NIST 800-53, CSA-CCM v4, FedRAMP, CIS Benchmarks).
• IT Service Management domains e.g. IT Change Management, IT Capacity Management, IT Incident Management, IT Release Management.
• Software Development Lifecycle (SDLC).
• IT Asset Management and Shadow IT (End User Computing).
• Networks and Communication Systems.
• Virtualized infrastructure.
• Payments technology e.g. SWIFT, Fedline etc.
• Advanced levels of proficiency in MS Excel and PowerPoint.
• High levels of proficiency with data visualization and reporting tools such as PowerBI and/or Tableau.
• Working knowledge of the Python ecosystem, including best practices (preferred).
• Excellent written and verbal communication skills.

Licenses / Certifications:

• CISM, CISA, CRISC, CISSP, or equivalent (preferred).

Languages:

• English, Spanish preferred.

Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions: Frequent minimal physical effort such as sitting, standing and walking. Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds and able to bend, kneel and climb ladders.

Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range

Minimum:

$93,750.00 USD

Maximum:

$165,000.00 USD