Associate, Information Security

The Associate, Information Security designs, analyzes and supports the company's information technology structure, systems and processes. Deploys, acquires, maintains and ensures security of information technology assets. Plans and tests processes to ensure compliance with system requirements, business objectives, security standards and other technical requirements.

They mitigate and manage cyber security threats, ensure systems availability, align with global regulatory risk and compliance requirements, and manage systems and network complexity. The incumbent leads development and/or implementation of significant or Company-wide Technology Controls / Information Security strategies, policies, programs, tools and provides expert advice and guidance on technical solutions. This individual oversees control and governance activities and identifies and assesses potential security risks, breaches/ exposures impacting highly complex / high risk businesses or transformational (change the bank) strategic initiatives primarily interfacing with executive and/or functional stakeholders across the enterprise.

Works with the lines of business to ensure that technology development and production are performed in accordance with organizations’ standards and applicable laws. The incumbent works to establish and maintain the Information Security policy for the Corporation and ensure compliance to Santander Policy. This individual will be a key member assessing and prioritizing risk across the organization, compliance with information security policies, and the development and reporting of information security metrics.

Essential Functions:

• Protects the Company, customers and employees by mitigating and identifying technology threats to Santander.
• Create vulnerability scanning schedule and perform scans on a periodic and on an ad Hoc basis to identify vulnerabilities.
• Conducts vulnerability assessment on the target IT Infrastructure, applications and related information assets.
• Build a monthly scan plan for the vulnerability scanning team to ensure that vulnerability scans are performed on all assets noted in Configuration Management Database (CMDB).
• Identify vulnerabilities to be analyzed and prioritized based on the Common Vulnerability Scoring System (CVSS)
• Identify and monitor threats and vulnerabilities using threat intelligence.
• Designs, builds, maintains, and supports the company’s information security program.
• Deploys solutions and secure information assets.
• Provides expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business system delivery in a manner that adheres to information security policy.
• Identifies and incorporates security capability requirements into security strategy.
• Establishes, tracks, and reports on key metrics.
• Participates in change request reviews to assess security risk and recommend solutions.
• Manages and monitors technology, audit and regulatory risk through governance, oversight, reporting and training initiatives / programs including management of audit and regulatory findings, regulatory reviews, process and strategic risk & control self-assessment, and key risk indicator program.
• Work closely with the Local and Global Information Technology and Information Security teams and Business Owners to address any open vulnerabilities, regulatory requirements or concerns to mature the information security program.
• Perform risk assessments and/or control gap analysis against Information Security Policies and Standards.
• Performs technical security assessments (e.g., Windows, UNIX, firewalls, routers, oracle, SQL server, etc.)
• Provides direction and act as an escalation point on projects and issues to other team members.

Education: Bachelor’s or undergraduate degree in Information Systems or Information Technology or equivalent work experience in Information Technology, Information Systems, or equivalent field.

Skills and Experience:

• Preferably 5-9 years’ experience in information security, information technology, governance, IT audit, patch management, vulnerability management, penetration testing, risk management or similar areas.
• Experience with risk assessments and compliance with major regulatory initiatives (e.g.  SOX, NYDFS).
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
• Working knowledge of security systems or tools such as Qualys, Microsoft SCCM, Ansible, Red hat satellite, Service Now (SNOW), CMDB
• Possess the ability to perform under pressure in a challenging environment.
• A hunger to learn and take on challenging opportunities contributing to the success of information security team.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
• Proven ability to work in team environment.
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.

EEO Statement:  At Santander, we value and respect differences in our workforce.  We actively encourage everyone to apply.   

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions: Frequent Minimal physical effort such as sitting, standing and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting to fifty pounds, able to bend, kneel, climb ladders.

Employer Rights: This job description does not list all the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

Primary Location: New York, NY, New York

Other Locations: New York-New York

Organization: Banco Santander S.A.