Skip to main content
Location Dallas, United States Category Information Technology Date posted 14/11/2020 Job ID o1IWdfwC

Description

Essential Functions:

  • Annually, executed Risk and Control Self-Assessment (RCSA) program in accordance with enterprise methodology.
  • Acts as a liaison with Risk and Compliance or second line of defense- to develop and implement new policy requests/revisions, to complete all line of business related risk assessments, risk mandates, continuity plans, resolution plans and execution.
  • Analyzes, evaluates and provides strategic guidance and direction for programs, policies and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices.
  • Develops and implements appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit.
  • Develops implements and monitors compliance program and controls for the assigned area. Identifies gaps in controls, proposes solutions, and implements corrective actions,
  • Documents, evaluates and, where appropriate, improves policies, practices and procedures.
  • Assists with developing, managing and enforcing standard processes, tools, protocols, audit requests with internal and external stakeholders to meet project objectives.
  • Acquires and applies a developing understanding of risk and control issues within the business.
  • Looks for process improvements and efficiencies and makes recommendations to improve policy and procedures.
  • Reports to management on regulatory developments and risks/issues identified within assigned technology area. Regularly provides reports/updates to management team on progress.

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Requirements:

Education & Certification -

  • Bachelor's Degree or equivalent work experience
  • CISA/CISSP/CRISC/Security+, Network +, or CCNA Certification (at least one certification desired)

Experience and Technical Skill–

  • 2-3 years Risk Management or equivalent experience
  • Data Analytics

Skills & Abilities -

  • Prior experience with Risk and Control Self-Assessment (RCSA) / Cyber-risk assessment / Cyber security assessment / SOX testing is required.
  • Develop and document test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others.
  • Knowledge and understanding of basic concepts of technology areas across municipal technology platforms including Windows, LINUX, Network and IT Operations, and Virtualization to assess and test technology/info sec controls. (Must be knowledgeable in at least few of these areas).
  • Data analysis skills and ability to develop scripts to gather data required for control testing/assessment. Automate Testing procedure where possible.
  • Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level testing. Obtain, review, and interpret evidence provided to validate controls are performed effectively and identify vulnerabilities, gaps, or control deficiencies. Identify risks associated with control failures and supports the identification of mitigating controls.
  • Ability to accurately document control testing results in sufficient details.
  • Big 4 experience is desired.
  • Excellent presentation, interpersonal, written and verbal communication skills.
  • Foundational understanding of regulations including internal controls, Sarbanes-Oxley (SOX), SOC, PCI, GLBA, and NYDFS compliance.
  • Knowledgeable in applicable frameworks including NIST Cybersecurity Framework, COBIT, COSO, ITIL, etc.
  • Strong process facilitation, project management, and analytical skills.
  • Understanding of the products/services, systems, and associated risks/controls.
  • Knowledge of Risk/Compliance/Audit competencies.
  • Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations.


Working Conditions:

  • Frequently: Minimal physical effort such as sitting, standing, and walking.
  • Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
  • Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.


Employer’s Rights:

  • This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
  • The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.

Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.

To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:

  • Completion of at least one year of active service in Santander
  • Completion of at least twelve months in current position
  • Be in "Good Standing"

Please click here to see the full policy- https://tbcdn.talentbrew.com/company/1771/internal_v2_0/img/eligibility.pdf

Apply for role

Sign up and be the first to receive our latest job updates.

Interested InSearch for a category and select one from the list of suggestions. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

  • Information Technology, Dallas, Texas, United StatesRemove