Full-time
Sr. Associate, Information Security (Senior Governance Analyst) - Santander Bank - Dorchester, MA

Sr. Associate, Information Security (Senior Governance Analyst)-1806893
Description

Responsible for Information Security program governance activities including program requirements management, regulatory/audit coordination, compliance assessments, cyber risk assessments, training and awareness, KPI/metrics, policy and standards management, executive reporting and overall program communications. The role is a 1st Line of Defense function and will work closely with the IT Governance, 2nd Line of Defense risk management and privacy as well as 3rd Line internal audit, and regulatory offices, and a variety of stakeholders at senior levels located throughout Grupo Santander and the US operating entities. As part of a new Information Security team, this role will be expected to participate in initiatives, design and implement new processes and tools, and recommend opportunities for improved efficiency and effectiveness to drive the maturity of the Information Security program.

Responsibilities:

- Keep abreast of regulatory matters and US financial services industry InfoSec best practices and maintain a library of InfoSec program requirements that meet them
- Analyze Santander's compliance with any new requirement and identify gaps to be remediated
- Lead workshops with key stakeholders to prioritize requirements and identify adequate remediation and implementation projects
- Support project managers with requirements expertise on project execution and be the liaison with Governance Risk and Compliance team
- Work with control testing and 2nd Line risk management teams to ensure effective review and challenge and determine implementation status and effectiveness of Information Security requirements
- Implement a formal cyber risk assessment program across the US entities:
  - Define risk scenarios based on internal and external threats
  - Build and maintain an external/internal threat risk assessment model to calculate inherent and residual risk for bank-wide risk scenarios
  - Deploy risk model across US entities and define appropriate controls to reduce residual risks
  - Train staff in the US entities and Grupo Santander how to use it effectively
- Manage examinations (internal and external) and reviews on behalf of the InfoSec team in coordination with the IT regulatory program Office function. Work with InfoSec staff and various stakeholders to evaluate compliance, develop remediation actions for findings and communicate status
- Implement key performance and risk metrics across the Information Security program. Prepare executive level and actionable reporting. Identify trends and recommend actions
- Implement and update standards and procedures to support the US InfoSec function and align with Group Santander cyber function
- Develop and manage an InfoSec training and awareness program for InfoSec team staff and US employees. This will align with Grupo Santander and include both general and targeted role-based training
- Ensure reporting to IT and Corporate functions is executed and reviewed in a timely manner and resolve any required deficiencies
- Drive building the strategic plan for the US InfoSec team and update the Written Information Security Program, operating policies and Annual Board reporting
- Support US entities in rolling out the defined strategy and ensure that their Information Security programs are aligned to the US holding objectives

Qualifications:

- 7+ years of risk management, audit, legal, or regulatory experience in financial services
- 7+ years in project management
- 3+ years of information/cyber security experience
- Knowledge of Information Security applicable US laws and regulations (e.g. GLBA, SOX, NYDFS) and industry standards (e.g. NIST, ISO)
- Understanding of banking operations and risk management in financial services
- Excellent oral and written communication and presentation skills
- Experience and leadership building new programs and teams, identifying and managing requirements
- Ability to develop and maintain close working relationships with internal and external stakeholders, including senior executives, across various IT and Business functions
- Advanced PC (MSWord, Excel, Access, PowerPoint) skills
- Strong organizational skills, including ability to prioritize several projects at a time
- Audit and Regulator interaction experience is preferred

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Job: Information Security
Primary Location: Massachusetts-Dorchester
Organization: Technology (5900)
Schedule: Full-time
Job Posting: Nov 30, 2018, 2:46:31 PM
