Director, Information Security Santander Consumer Usa
Dallas, TX

Job Description

Overview

Job Family: Information Technology

Designs, analyzes and supports the company's information technology structure, systems and processes. Acquires, designs, implements and operates the company's information technology resources (e.g., computer hardware, operating systems, communications, software applications, data, databases, etc.). Deploys, acquires, maintains and ensures security of information technology assets. Plans and tests processes to ensure compliance with system requirements, business objectives, security standards and other technical requirements.

Job Function: Information Security

Develops, manages and operates security services that assess, prioritize and mitigate information security and technology risk. Includes cyber security threat services, access management services and technology risk assessments. Designs network security perimeter architecture and relevant security controls. Reviews internal and external IT projects and applications for risk and adherence to security policies and industry best practices. Participates on internal security project teams to deploy security technologies and to make recommendations for hardware/software products for future release. Liaises with vendors for various security infrastructure-related products and services.

Summary of Responsibilities:

The Director, Information Security actively works with the lines of business to ensure that technology development and production are performed in accordance with organizations standards and applicable laws. The incumbent reports to the Director, Information Security, and works to establish and maintain the Information Security policy for the Corporation and ensures compliance to Santander Corporate Policy.

Essential Functions:

* Investigates security incidents and maintain Security Awareness program for the Corporation including articles, privacy training and Info Security.
* Provides consultation to ISBAN, an affiliated software development company to ensure software developed meets the requirements of security policy.
* Works with Santander Privacy Officer to fulfill the information technology requirements of the GLB Act and various state privacy laws.
* Partners with examiners and auditors on technology examinations gathering information and responding to findings.
* Partners with Santander Legal Department and affiliate company, Aquanima, to ensure appropriate security clauses are included in all technology contracts.
* Partners with Santander third party providers including Produban, an affiliated technology processing company, to ensure adequate security controls are implemented, monitored and reported to the Company.
* Manages the Incident Response processes and personnel.
* Coordinates response, triage and recovery activities for Information Security events impacting the Company's information technology assets.
* Responds to and manages security events. Engages in security investigations and use tools to identify and report the outcomes of incidents to senior management.
* Performs real-time security incident handling and tracking (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support Incident Response Team.
* Correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

Other Functions:

* Recruits, trains, develops, motivates, sets goals, and provides on-going feedback to a team of direct reports.
* Other duties as assigned.

Supervisory Responsibilities:

Manages subordinate managers and professional staff. Is responsible for the strategic guidance, development and evaluation of employees. Carries out supervisory responsibilities in accordance with Santander's policies and applicable laws.

Requirements:

* Education -
* Bachelor's Degree: in Computer Science or equivalent field.
* or equivalent work experience


* Experience -
* 9-12 years Experience in information security, governance, IT audit, or risk management.
* Experience in a technical security engineering or operations role, including network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing.


* Skills & Abilities -
* Comfortable working with executive and technical leadership around the company to inform on cyber threats and discreetly handle sensitive matters.
* Strong general technology background
* Experience in Information Security along with related financial institution experience
* Strong leadership skills and the ability to lead by example
* Ability to drive execution of aggressive goals through effective planning, prioritization, resource management and follow through.
* Demonstrated experience with information security frameworks
* Ability to manage multiple, ongoing initiatives
* Strong communications skills
* Ability to forsee industry trends
* Ability to maintain and implement best practices within field
* High level understanding of Information Security threats and maintenance
* Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
* Demonstrated ability to frame security and risk-related concepts to both technical and nontechnical audiences.
* Experience working with business process reengineering and IT solutioning; experience working on project teams bringing together both business & technology. Capable of explaining technical concepts to a non-technical audience.
* Demonstrated experience in handling cyber incidents and response in similar critical environments
* Proficient in preparation of reports, dashboards and documentation
* Advanced knowledge of network protocols and operating systems
* Advanced networking and operation tools (i.e. - Log management, Firewall management, SIEM, etc…).


* Licenses & Certifications -
* Incumbent must maintain a security certification.



Working Conditions:

* Frequently: Minimal physical effort such as sitting, standing, and walking.
* Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
* Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.

Employer's Rights:

* This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
* The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.