Skip to main content
Location Dorchester, United States Category Risk & Governance Date posted 23/11/2020 Job ID 2004026
Technology Controls Tester Lead-2004026


Summary of Responsibilities:

The Sr Associate, Business Control & Risk Management (Technology Controls Tester Lead) provides centralized support through internal process review, quality audits, and testing to ensure operational risks are appropriately identified and controls are working as designed.  As a first line of defense, s/he tests business processes and controls, identifies gaps within processes, tracks error trends and documents results in appropriate operational system. The Technology Controls Tester identifies, responds and/or escalates risks as appropriate.

Essential Functions:

  • Annually, execute Risk and Control Self-Assessment (RCSA) program in accordance with enterprise methodology
  • Acts as a liaison with Risk and Compliance or second line of defense- to develop and implement new policy requests/revisions, to complete all line of business-related risk assessments, risk mandates, continuity plans, resolution plans and execution
  • Analyzes, evaluates and provides strategic guidance and direction for programs, policies and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices
  • Test appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit
  • Lead teams during the field work in testing the design of the controls and operating effectiveness of the controls
  • Develops implements and monitors compliance program and controls for the assigned area
  • Identifies gaps in controls, proposes solutions, and implements corrective actions
  • Documents, evaluates and, where appropriate, improves policies, practices and procedures
  • Assists with developing, managing and enforcing standard processes, tools, protocols, audit requests with internal and external stakeholders to meet project objectives
  • Acquires and applies a developing understanding of risk and control issues within the business
  • Looks for process improvements and efficiencies and makes recommendations to improve policy and procedures
  • Reports to management on regulatory developments and risks/issues identified within assigned technology area
  • Regularly provides reports/updates to management team on progress
  • Participate in group initiatives including developing automation capabilities

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.




Education & Certification -

  • Bachelor's Degree or equivalent work experience
  • CISA/CISSP/CRISC/Security+, Network +, or CCNA Certification (at least one certification desired)

Experience and Technical Skill–

    • 9-12 years Risk Management or equivalent experience
    • Data Analytics
    • Scripting experience (Python, SQL) strongly preferred
    • Expertise with Excel (Macros, formulas, pivot tables)

Skills & Abilities -

  • Prior experience with Risk and Control Self-Assessment (RCSA) / Cyber-risk assessment / Cyber security assessment / SOX testing is required
  • Develop and document test procedures and/or document recommendations for test plan modifications that improve validation of control objectives
  • Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others
  • Knowledge and understanding of basic concepts of technology areas across municipal technology platforms including Windows, LINUX, Network and IT Operations, and Virtualization to assess and test technology/info sec controls.  (Must be knowledgeable in at least few of these areas)
  • Data analysis skills and ability to develop scripts to gather data required for control testing/assessment
  • Automate Testing procedure where possible
  • Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level testing
  • Obtain, review, and interpret evidence provided to validate controls are performed effectively and identify vulnerabilities, gaps, or control deficiencies
  • Identify risks associated with control failures and supports the identification of mitigating controls
  • Ability to accurately document control testing results in sufficient details
  • Big 4 experience is desired
  • Excellent presentation, interpersonal, written and verbal communication skills
  • Foundational understanding of regulations including internal controls, Sarbanes-Oxley (SOX), SOC, PCI, GLBA, and NYDFS compliance
  • Knowledgeable in applicable frameworks including NIST Cybersecurity Framework, COBIT, COSO, ITIL, etc.
  • Strong process facilitation, project management, and analytical skills
  • Understanding of the products/services, systems, and associated risks/controls
  • Knowledge of Risk/Compliance/Audit competencies
  • Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations


:Business Control

Primary Location

:Massachusetts-Dorchester-2 Morrissey Boulevard - 06367 - Columbia Park-Corp


:Technology (5900)



Job Posting

:Nov 23, 2020, 6:08:58 PM

Apply for role

Sign up and be the first to receive our latest job updates.

Interested InSearch for a category and select one from the list of suggestions. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

  • Risk & Governance, Dorchester, Massachusetts, United StatesRemove