
Associate Director, Information Security (Governance/Risk/Compliance)
Dorchester, MA


Job Description

Associate Director, Information Security (Governance/Risk/Compliance)-1902635

Description

Overview

Santander Holdings USA, Inc. (SHUSA) is a wholly-owned subsidiary of Banco Santander, S.A. (SAN), one of the most respected banking groups in the world with more than 125 million customers in Europe, Latin America and the U.S. As the intermediate holding company for Santander's U.S. businesses, SHUSA includes six financial companies with more than 17,500 employees, 5.2 million customers and assets of over $135.1 billion. These include Santander Bank, N.A., one of the country's largest retail and commercial banks by deposits; Santander Consumer USA Holdings Inc., an auto finance and consumer lending company; Banco Santander International of Miami; Banco Santander Puerto Rico; Santander Securities LLC of Boston; and Santander Investment Securities Inc. of New York.

Position Summary

Responsible for security activities for infrastructure components, including network services, end user protection and IT asset management. This role will work closely with the Grupo Santander Cyber Protect, MX Hub, and US IT infrastructure teams. The role will be responsible for ensuring compliance with standards, managing security projects and risks, supporting security incident response efforts, managing the relationships and SLAs with third party providers (e.g. Produban), tracking KRIs, and supporting regulatory/audit requirements.

The role is a 1st Line of Defense function and will work closely with IT Governance, 2nd Line of Defense Risk Management and Privacy, as well as 3rd Line internal audit, regulatory offices, and a variety of stakeholders at senior levels located throughout Grupo Santander and the US operating entities. As part of a new Information Security team, this role will be expected to participate in initiatives, design and implement new processes and tools, and recommend opportunities for improved efficiency and effectiveness to drive the maturity of the Information Security program.

Responsibilities:

* Keep abreast of regulatory matters and US financial services industry InfoSec best practices and maintain a library of InfoSec program requirements that meet them


* Analyze Santander's compliance with any new requirement and identify gaps to be remediated


* Lead workshops with key stakeholders to prioritize requirements and identify adequate remediation and implementation projects


* Support project managers with requirements expertise on project execution and be the liaison with Governance Risk and Compliance team


* Work with control testing and 2nd Line risk management teams to ensure effective review and challenge and determine implementation status and effectiveness of Information Security requirements


* Implement a formal cyber risk assessment program across the US entities:
  * Define risk scenarios based on internal and external threats
  * Build and maintain an external/internal threat risk assessment model to calculate inherent and residual risk for bank-wide risk scenarios
  * Deploy risk model across US entities and define appropriate controls to reduce residual risks
  * Train staff in the US entities and Grupo Santander how to use it effectively


* Manage examinations (internal and external) and reviews on behalf of the InfoSec team in coordination with the IT regulatory program Office function. Work with InfoSec staff and various stakeholders to evaluate compliance, develop remediation actions for findings and communicate status


* Implement key performance and risk metrics across the Information Security program. Prepare executive level and actionable reporting. Identify trends and recommend actions


* Implement and update standards and procedures to support the US InfoSec function and align with Group Santander cyber function


* Develop and manage an InfoSec training and awareness program for InfoSec team staff and US employees. This will align with Grupo Santander and include both general and targeted role-based training


* Ensure reporting to IT and Corporate functions is executed and reviewed in a timely manner and resolve any required deficiencies


* Drive building the strategic plan for the US InfoSec team and update the Written Information Security Program, operating policies and Annual Board reporting


* Support US entities in rolling out the defined strategy and ensure that their Information Security programs are aligned to the US holding objectives



Qualifications

* 7+ years of risk management, audit, legal, or regulatory experience in financial services


* 7+ years in project management


* 3+ years of information/cyber security experience


* Knowledge of Information Security applicable US laws and regulations (e.g. GLBA, SOX, NYDFS) and industry standards (e.g. NIST, ISO)


* Understanding of banking operations and risk management in financial services


* Excellent oral and written communication and presentation skills


* Experience and leadership building new programs and teams, identifying and managing requirements


* Ability to develop and maintain close working relationships with internal and external stakeholders, including senior executives, across various IT and Business functions


* Advanced PC (MSWord, Excel, Access, PowerPoint) skills


* Strong organizational skills, including ability to prioritize several projects at a time


* Audit and Regulator interaction experience is preferred



At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Job: Information Security

Primary Location: Massachusetts-Dorchester-2 Morrissey Boulevard - 06367 - Columbia Park

Organization: Technology (5900)

Schedule: Full-time

Job Posting: Jun 26, 2019, 8:59:18 PM

AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO
