Santander Bank, N.A.
Director, Cyber and Digital Risk Management
Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. The Director, Cyber and Digital Risk Management monitors activities to minimize the company's exposure to information security risks. Activities may include 2nd line of defense independent assurance over technical cyber risk analysis, risk identification and remediation. The Director is responsible for ensuring that the company's activities adhere to the necessary rules and regulations, and that the company complies with legal/regulatory statutes and jurisdictions, as they relate to the management of cyber and digital risks. Key Responsibilities
Establish themselves as the second line of defense subject matter expert for key stakeholders in the management of cybersecurity and technology risks across all operating entities Prepare information to enable governance committees / working groups in the management oversight of cybersecurity and technology risks Participate in relevant governance committees and working groups as a delegate of the Head of Technology, including the Operational Risk Committee, Technology Executive Working Group, Information Security & Data Management Committee, Architectural Review Board, AI Enablement Working Group Initiate timely escalations to the Sr. Director, Cyber & Digital Risk and to the leadership team Identify and assess cybersecurity risks and counsel business units managers, CISO and/or IT GRC stakeholders on risk management issues to ensure awareness and accountability for cybersecurity risks Oversee ongoing oversight of the firm’s information risk footprint through ongoing monitoring, formal review and challenge activities, targeted risk reviews, technology policy and standard assurance, and other activities e.g., transformation review and challenge. Contribute to the updating of existing policies and framework or develop new ones that steer the safe and sound adoption of technologies across the organization Participate in the independent and ongoing risk oversight of key technology components of the firm’s digital transformation initiatives. Implement and sustain independent risk oversight coverage of the cloud operating platform and vendor software development activities. Work across the lines of defense to recommend strategies that effectively treat risks within the risk appetite Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the risk horizon, while ensuring a sound operational and compliance control environment through establishment of a system of effective and sustainable internal controls Participate in evaluation of new products / Business changes / projects and assess related information risks and impact to the cybersecurity and technology risk profile Participate in the evaluation and management of cybersecurity risks related to third-party suppliers involved in technology and business projects Advises on remediation of regulatory findings, correction of any inconsistencies and monitors resolution. Manage, oversee and contribute to targeted risk reviews designed to evaluate information risks and their effective and sustainable mitigation Perform review and challenge of first line of defense risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and communicate risk opinions at various levels of management Analyze risk data from various sources (e.g. external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends and patterns Participate in the review and challenge of scenario for crisis management exercises, especially where there is a cyber component Support process for constructive engagement across the Lines of Defense regarding differences or conflicts in risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute Own individual delivery timelines and develop materials to ensure second line of defense independent opinion appropriately represented during committee meetings, external exams and internal audits. Ensure all activities and deliverables achieve their timeliness, quality and accuracy service levels. Collaborate with other second line of defense functions such as Operational Risk, Model Risk, Compliance etc. on common priorities and strategic initiatives Provides second line of defense leadership and subject matter expertise during response to major technology or cyber incidents including cyber-security related privacy events and coordinate second line of defense engagement and response of incident / crisis managers What You Bring
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Education
Bachelor's Degree in a technical discipline or equivalent work experience: Computer Science, Information Technology, Information Systems, Information Security. Master's Degree in related technical disciplines. Professional Certifications in Cybersecurity. Professional Certifications in Cloud Security (AWS, Azure). Work Experience
Practitioner and management experience in one or more areas of Cybersecurity Risks Overall professional experience of 15+ years or more in cybersecurity risk management roles in a matrix organization Experience in Cybersecurity risk consulting in the financial services sector, Cyber security audit, Chief Information Security Officer / Deputy or in a similar second line of defense role is highly preferred Experience within a highly regulated environment such as the financial services industry and knowledge of the current and evolving regulatory landscape is necessary Experience leading high performance teams Skills And Abilities
Strong understanding of technology infrastructure, information security, and enterprise resilience Experience with developing and implementing technology & cyber risk oversight programs, preferably in a 2nd or 3rd line of defense Demonstrated leadership skills and ability to coordinate oversight activities across different teams Knowledge of current and evolving regulatory requirements and industry best practices in technology and cybersecurity risk management Strong Leadership Experience Technical Skills (incl. Tools)
Resilient Security Architecture Identity and Access Management Network / Firewall Management Vulnerability and Patch Management Cloud Security Architecture Secure Application Development / Containerization Encryption / Tokenization Data Loss Prevention Security Logging and Monitoring Incident Detection and Response Management Offensive Security Competencies And Abilities
Demonstrated expertise and track record in technology risk management segment, and ability to perform at an advanced level of competence. Advanced knowledge of cyber risk management best practices and how to implement them. Ability to engage effectively with both senior management and operational teams A keen sense of risk anticipation with attention to details and an ingrained ability to connect the dots and challenge status quo An execution and solution focused risk mindset with an ability to push the needle forward even with ambiguous or incomplete information Ability to direct, train and guide peers, subordinates and management. A team player who can coordinate and drive consensus among different teams and stakeholders having varying viewpoints Ability to build relationships, influencing and negotiating across diverse stakeholders across the lines of defense, handle conflict resolution with other groups to ensure appropriate risk management decisions are made. Ability to adjust to new developments/changing circumstances. Ability to effectively communicate and build relationships with multiple levels of the organizational structure, including senior level management. Ability to collaborate with multidisciplinary teams. Ability to multi-task and adapt/adjust to multiple demands and competing priorities. Ability to maintain and report on confidential information in an appropriate manner. Ability to convey a sense of urgency and drive issues/projects to closure. Ability to effectively interact with the executive management and vendors. Ability to demonstrate sound judgement and critical thinking Excellent written and oral communication skills. Excellent analytical, organizational and project management skills. Strong leadership, supervisory engagement skills. Strong risk, process, and control validation and/or assessment skills Certifications
Professional Certifications in Cybersecurity. Professional Certifications in Cloud Security (AWS, Azure). Risk Culture
We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management. EEO Statement
At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
#J-18808-Ljbffr
Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. The Director, Cyber and Digital Risk Management monitors activities to minimize the company's exposure to information security risks. Activities may include 2nd line of defense independent assurance over technical cyber risk analysis, risk identification and remediation. The Director is responsible for ensuring that the company's activities adhere to the necessary rules and regulations, and that the company complies with legal/regulatory statutes and jurisdictions, as they relate to the management of cyber and digital risks. Key Responsibilities
Establish themselves as the second line of defense subject matter expert for key stakeholders in the management of cybersecurity and technology risks across all operating entities Prepare information to enable governance committees / working groups in the management oversight of cybersecurity and technology risks Participate in relevant governance committees and working groups as a delegate of the Head of Technology, including the Operational Risk Committee, Technology Executive Working Group, Information Security & Data Management Committee, Architectural Review Board, AI Enablement Working Group Initiate timely escalations to the Sr. Director, Cyber & Digital Risk and to the leadership team Identify and assess cybersecurity risks and counsel business units managers, CISO and/or IT GRC stakeholders on risk management issues to ensure awareness and accountability for cybersecurity risks Oversee ongoing oversight of the firm’s information risk footprint through ongoing monitoring, formal review and challenge activities, targeted risk reviews, technology policy and standard assurance, and other activities e.g., transformation review and challenge. Contribute to the updating of existing policies and framework or develop new ones that steer the safe and sound adoption of technologies across the organization Participate in the independent and ongoing risk oversight of key technology components of the firm’s digital transformation initiatives. Implement and sustain independent risk oversight coverage of the cloud operating platform and vendor software development activities. Work across the lines of defense to recommend strategies that effectively treat risks within the risk appetite Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the risk horizon, while ensuring a sound operational and compliance control environment through establishment of a system of effective and sustainable internal controls Participate in evaluation of new products / Business changes / projects and assess related information risks and impact to the cybersecurity and technology risk profile Participate in the evaluation and management of cybersecurity risks related to third-party suppliers involved in technology and business projects Advises on remediation of regulatory findings, correction of any inconsistencies and monitors resolution. Manage, oversee and contribute to targeted risk reviews designed to evaluate information risks and their effective and sustainable mitigation Perform review and challenge of first line of defense risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and communicate risk opinions at various levels of management Analyze risk data from various sources (e.g. external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends and patterns Participate in the review and challenge of scenario for crisis management exercises, especially where there is a cyber component Support process for constructive engagement across the Lines of Defense regarding differences or conflicts in risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute Own individual delivery timelines and develop materials to ensure second line of defense independent opinion appropriately represented during committee meetings, external exams and internal audits. Ensure all activities and deliverables achieve their timeliness, quality and accuracy service levels. Collaborate with other second line of defense functions such as Operational Risk, Model Risk, Compliance etc. on common priorities and strategic initiatives Provides second line of defense leadership and subject matter expertise during response to major technology or cyber incidents including cyber-security related privacy events and coordinate second line of defense engagement and response of incident / crisis managers What You Bring
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Education
Bachelor's Degree in a technical discipline or equivalent work experience: Computer Science, Information Technology, Information Systems, Information Security. Master's Degree in related technical disciplines. Professional Certifications in Cybersecurity. Professional Certifications in Cloud Security (AWS, Azure). Work Experience
Practitioner and management experience in one or more areas of Cybersecurity Risks Overall professional experience of 15+ years or more in cybersecurity risk management roles in a matrix organization Experience in Cybersecurity risk consulting in the financial services sector, Cyber security audit, Chief Information Security Officer / Deputy or in a similar second line of defense role is highly preferred Experience within a highly regulated environment such as the financial services industry and knowledge of the current and evolving regulatory landscape is necessary Experience leading high performance teams Skills And Abilities
Strong understanding of technology infrastructure, information security, and enterprise resilience Experience with developing and implementing technology & cyber risk oversight programs, preferably in a 2nd or 3rd line of defense Demonstrated leadership skills and ability to coordinate oversight activities across different teams Knowledge of current and evolving regulatory requirements and industry best practices in technology and cybersecurity risk management Strong Leadership Experience Technical Skills (incl. Tools)
Resilient Security Architecture Identity and Access Management Network / Firewall Management Vulnerability and Patch Management Cloud Security Architecture Secure Application Development / Containerization Encryption / Tokenization Data Loss Prevention Security Logging and Monitoring Incident Detection and Response Management Offensive Security Competencies And Abilities
Demonstrated expertise and track record in technology risk management segment, and ability to perform at an advanced level of competence. Advanced knowledge of cyber risk management best practices and how to implement them. Ability to engage effectively with both senior management and operational teams A keen sense of risk anticipation with attention to details and an ingrained ability to connect the dots and challenge status quo An execution and solution focused risk mindset with an ability to push the needle forward even with ambiguous or incomplete information Ability to direct, train and guide peers, subordinates and management. A team player who can coordinate and drive consensus among different teams and stakeholders having varying viewpoints Ability to build relationships, influencing and negotiating across diverse stakeholders across the lines of defense, handle conflict resolution with other groups to ensure appropriate risk management decisions are made. Ability to adjust to new developments/changing circumstances. Ability to effectively communicate and build relationships with multiple levels of the organizational structure, including senior level management. Ability to collaborate with multidisciplinary teams. Ability to multi-task and adapt/adjust to multiple demands and competing priorities. Ability to maintain and report on confidential information in an appropriate manner. Ability to convey a sense of urgency and drive issues/projects to closure. Ability to effectively interact with the executive management and vendors. Ability to demonstrate sound judgement and critical thinking Excellent written and oral communication skills. Excellent analytical, organizational and project management skills. Strong leadership, supervisory engagement skills. Strong risk, process, and control validation and/or assessment skills Certifications
Professional Certifications in Cybersecurity. Professional Certifications in Cloud Security (AWS, Azure). Risk Culture
We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management. EEO Statement
At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
#J-18808-Ljbffr