Designing, developing, operating and managing comprehensive security architectures, strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Specific focus includes mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity.
Key functional / specialized disciplines or practice areas for this Job Family include but are not limited to the following:
Cyber Security (Architecture, Development, Operations):
- Responsible for protecting Santander, customers and employees by mitigating and identifying technology threats
- Create and manage cyber security strategy, programs and execution including threat management services such as vulnerability assessments, threat intelligence, analysis and response, security event monitoring and incident management, digital forensics etc.
- Provide expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business system delivery in a manner that adheres to information security policy
- Govern network-related security controls throughout the enterprise, firewall programs, intrusion detection and prevention systems, network data leakage prevention, secure email encryption, and web content filtering
- Subject matter expertise in application security architecture
- Authentication and authorization standards and technology
- Cryptographic principals, protocols, and key management
- Access control mechanisms
- Leading security suppliers and vendors
- Cloud security principals and technology
Strategy Governance, Risk and Policy:
- Manage and monitor technology, audit and regulatory risk through governance, oversight, reporting and training initiatives / programs including management of audit and regulatory findings, regulatory reviews, process and strategic risk & control self-assessment, and key risk indicator program
- Work to minimize potential impact and exposure to technology threats
- Develop and enforce an integrated Technology Risk and Control Framework across the enterprise
- Lead enterprise oversight groups / councils / forums
- Security Assessment processes
- Presentation at cross functional Architecture Review Board
- Inherent and residual risk assessments
- Bachelor's Degree in Computer Management, Computer Science, Computer Engineering, System Analysis or an equivalent field
- 9-12 years’ experience within Information Security or a related field
- Advanced Information Security Certification (ISACA or equivalent) is preferred
Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.
To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:
- Completion of at least one year of active service in Santander
- Completion of at least twelve months in current position
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We encourage everyone to apply.