Associate, Information Security

Develops, manages, and operates security services that assess, prioritize, and mitigate information security and technology risk. This includes conducting regular security assessments and vulnerability scans using tools such as AWS GuardDuty, AWS Inspector, and AWS Config. Analyzes and interprets security issues identified by these tools, providing detailed and actionable recommendations for remediation. Performs comprehensive application security assessments and code reviews to identify and mitigate potential vulnerabilities. Ensures compliance with industry standards and frameworks, including CIS benchmarks for AWS. Develops, maintains, and enforces security policies, procedures, and documentation to support compliance efforts. Conducts thorough audits and assessments to ensure ongoing adherence to security policies and standards. Implements and manages advanced security monitoring solutions using Splunk and SysDig. Monitors security alerts and incidents, coordinating response efforts to effectively mitigate risks. Conducts in-depth root cause analysis of security incidents and implements robust measures to prevent recurrence. Collaborates closely with development and operations teams to integrate security best practices into the software development lifecycle (SDLC). Stays abreast of the latest security trends, threats, and technologies. Continuously improves security processes and controls to enhance the overall security posture of the organization.

Essential Functions/Responsibility Statements:

• Conducts regular security assessments and vulnerability scans using tools such as AWS GuardDuty, AWS Inspector, and AWS Config.
• Analyzes and interprets security issues identified by these tools, providing detailed and actionable recommendations for remediation.
• Performs comprehensive application security assessments and code reviews to identify and mitigate potential vulnerabilities.
• Ensures compliance with industry standards and frameworks, including CIS benchmarks for AWS.
• Develops, maintains, and enforces security policies, procedures, and documentation to support compliance efforts.
• Conducts thorough audits and assessments to ensure ongoing adherence to security policies and standards.
• Implements and manages advanced security monitoring solutions using Splunk and SysDig.
• Monitors security alerts and incidents, coordinating response efforts to effectively mitigate risks.
• Conducts in-depth root cause analysis of security incidents and implements robust measures to prevent recurrence.
• Collaborates closely with development and operations teams to integrate security best practices into the software development lifecycle (SDLC).
• Stays abreast of the latest security trends, threats, and technologies.
• Continuously improves security processes and controls to enhance the overall security posture of the organization.

Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education: Bachelor's Degree or equivalent work experience

Work Experience: 5-9 years; Experience in Information security, Cloud governance, IT audit, or risk management.

Skills and Abilities:

• Proficiency in AWS security tools such as AWS GuardDuty, AWS Inspector, and AWS Config.
• Experience with security monitoring tools like Splunk and SysDig.
• Strong understanding of CIS benchmarks for AWS and other relevant compliance frameworks.
• In-depth knowledge of application security principles and best practices.
• Ability to analyze and mitigate security issues identified by various security tools.
• Excellent analytical and problem-solving skills to identify and address security vulnerabilities.
• Ability to conduct thorough risk assessments and develop effective mitigation strategies.
• Strong communication and collaboration skills to work effectively with development, operations, and compliance teams.
• Ability to provide training and guidance on security and compliance best practices.
• High attention to detail to ensure thorough analysis and accurate documentation.
• Proactive approach to identifying and addressing security risks before they become critical issues.
• Commitment to staying up-to-date with the latest security trends, threats, and technologies.

Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law.

Working Conditions: Frequent Minimal physical effort such as sitting, standing and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting to fifty pounds, able to bend, kneel, climb ladders.

Employer Rights: This job description does not list all the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

Primary Location: Dallas, TX, Dallas

Other Locations: Texas-Dallas

Organization: Santander Holdings USA, Inc.