Sr. Associate, Technology Risk
Company: Santander Holdings USA Inc
Location: Boston
Posted on: November 1, 2024
|
|
Job Description:
Sr. Associate, Technology RiskBoston, United States of
AmericaJob Description - Senior Associate, Technology Risk
ManagementUSA Job Family Description: Monitors activities to
minimize the company's exposure to technology and information risk.
Activities may include technical risk analysis, risk identification
and remediation. Represents or supports the reputation of the
company to minimize compliance and regulatory risk by resolving
issues and ensuring adherence to regulatory requirements, industry
good practice frameworks and company and legal standards.
Responsible for ensuring that all of the company's activities
adhere to the necessary rules and regulations, and that the company
complies with legal/regulatory statutes and jurisdictions.USA Job
Function Description:The Senior Associate, Technology Risk
Management within the Technology and Information Risk Management
organization reports to the Senior Director - Technology Risk
Management and is responsible for ongoing oversight, assessment,
management and reporting of technology and cybersecurity risks
across all operating entities. This role is established in the
second line of defense and requires collaboration across IT, CISO,
Data Office, Operational Risk, Internal Audit and other relevant
functional stakeholders within the organization in the management
of Technology risks. An excellent understanding of the evolving
regulatory landscape in the US and EU are vital for success in this
role.The day-to-day focus may vary depending on the requirements of
the overall second line of defense program priorities directed by
the Head of Technology Risk and may include: planned or ad-hoc
technical risk reviews, technical review of IT and Security
architectures, review and challenge activities of IT or Business
initiatives, Risk reporting, development as well as review and
challenge of technical risk framework and methodologies.Essential
Functions/Responsibility Statements:--- Establish themselves as the
second line of defense subject matter expert on technology risk
management--- Identify and assess technology risks ensure awareness
and accountability for their management--- Design and execute
independent testing and assurance of technical domains---
Participate in the independent and ongoing risk oversight of key
technology components of the firm's business and strategy
initiatives.--- Participate in evaluation of new products /
Business changes / projects and assess related technology risks and
impact to the technology risk profile--- Participate in the
evaluation and management of risks related to third-party suppliers
involved in technology projects--- Perform review and challenge of
first line of defense risk management processes, data and outcomes
(e.g. risk assessments, control evaluations, risk metrics,
mitigation plans, risk acceptances etc.)--- Analyze IT risk data
from various sources (e.g. external events, control deficiencies,
risk register etc.) to identify and measure levels of risk,
concentration, trends and patterns; drive automation, risk
analytics & aggregation and risk visualization--- Support process
for constructive engagement across the Lines of Defense regarding
risk appetite, risk metric determination or evaluation, issue
management and action plans--- Advises on remediation of regulatory
findings, correction of any inconsistencies and monitors
resolution--- Prepare information to enable governance committees /
working groups in the management oversight of technology risks---
Initiate timely escalations to the Technology Risk leadership
team--- Work across the lines of defense to recommend strategies
that effectively treat risks within the risk
appetiteQualifications: To perform this job successfully, an
individual must be able to perform each essential duty
satisfactorily. The requirements listed below are representative of
the knowledge, skill, and/or ability required. Reasonable
accommodations may be made to enable individuals with disabilities
to perform the essential functions.Education:--- Bachelor's Degree
in a technical discipline or equivalent work experience: Computer
Science, Information Technology, Information Systems, Information
Security. Req--- Master's Degree in related technical disciplines.
Pref--- Professional Certifications in one or more domains of
technical expertise. Req.Work Experience:--- Practitioner
experience in Technology or Cybersecurity risk management with an
ability to lead technical risk assessments, identify and assess
risks, document findings and opinions, and develop risk
reporting--- Good understanding of regulatory requirements e.g.
FFIEC, FDIC, OCC requirements and industry frameworks and practices
e.g. COBIT, ITIL , ISO, NIST 800-53, CSA-CCM v4, Fed Ramp, CIS
Benchmarks--- Overall professional experience of 10+ years or more
in technology risk audit & assurance or a technology risk
management role in a matrix organization--- Experience within a
highly regulated environment such as the financial services
industryTechnical Skills:--- IT Service Management domains e.g. IT
Change Management, IT Capacity Management, IT Incident Management,
IT Release Management--- Software Development Lifecycle (SDLC)---
IT Asset Management and Shadow IT (End User Computing)--- Networks
and Communication Systems--- Virtualized infrastructure--- Payments
technology e.g. SWIFT, Fedline etc.--- Advanced levels of
proficiency in MS Excel and Powerpoint--- High levels of
proficiency with data visualization and reporting tools such as
PowerBI and/or Tableau--- Working knowledge of the Python
ecosystem, including best practices (Pref)Competencies and
Abilities:--- Demonstrated expertise and track record in the design
and assessment of technology controls across multiple technical
domains, and ability to perform at an advanced level of
competence.--- Strong familiarity with Risk Control Self-Assessment
(RCSA) of technology processes--- Strong risk, process, and control
validation and/or assessment skills with an ingrained sense of
intellectual curiosity.--- Excellent communication and presentation
skills, including the ability to present complex topics, negotiate
and recommendations to senior stakeholders.--- Meticulous attention
to detail and accuracy when analyzing data, preparing reports, and
documenting risk management processes.--- Having the ability to
multi-task and adapt/adjust to multiple demands and competing
priorities--- A team player who can coordinate and drive consensus
among different teams and stakeholders having varying view
points--- Ability to convey a sense of urgency and drive
issues/projects to closure.--- Excellent written and oral
communication skills.--- Excellent analytical skills when it comes
to problem-solving including the ability to challenge root causes
and related corrective actions--- Strong organizational and project
management skills.Santander is an equal opportunity employer. All
qualified applicants will receive consideration for employment
without regard to race, color, religion, sex, sexual orientation,
gender identity, national origin, genetics, disability, age,
veteran status or any other characteristic protected by law.Working
Conditions: Frequent Minimal physical effort such as sitting,
standing and walking. Occasional moving and lifting equipment and
furniture is required to support onsite and offsite meeting setup
and teardown. Physically capable of lifting up to fifty pounds,
able to bend, kneel, climb ladders.Employer Rights: This job
description does not list all of the job duties of the job. You may
be asked by your supervisors or managers to perform other duties.
You may be evaluated in part based upon your performance of the
tasks listed in this job description. The employer has the right to
revise this job description at any time. This job description is
not a contract for employment and either you or the employer may
terminate at any time for any reason.
Primary Location: -Boston, MA, Boston
Other Locations: -Massachusetts-Boston,Texas-Dallas
Organization: -Santander Bank N.A.
Keywords: Santander Holdings USA Inc, Portland , Sr. Associate, Technology Risk, IT / Software / Systems , Boston, Maine
Click
here to apply!
|