Santander US Information Risk Management Senior Associate in Boston, Massachusetts
Information Risk Management Senior Associate
Boston, United States of America
The Senior Associate will be part of a dedicated team and execute against IRM strategy and conduct independent risk assessments/review and challenge on technology, fraud, payments, and third-party projects/processes/controls for a new digital bank platform being deployed both on-prem and in the AWS cloud. This role is expected to be able to lead assessments, identify and assess risks, document findings and opinions, and report and escalate as necessary to executive management or corporate risk partners. This role will need to work in close partnership with all lines of internal risk management peers including other first line of defense teams, corporate risk functions and internal audit. This role requires a combination of financial services (ideally US banking) risk management and cloud technology experience and expertise.
Identifying risks and requirements related to regulations and policies
Mapping risks and requirements to product functionality and processes
Reviewing configuration, controls and mitigation activities against risks
Assessing testing designs and approach and review test result output
Preparing materials for risk and compliance governance meeting review and signoff
Manage delivery timelines and develop materials to ensure IRM independent opinion appropriately represented during committee meetings, external exams and internal audits.
Ensure all activities and deliverables achieve their timeliness, quality and accuracy service levels.
Help keep CIRO informed on status of program execution and emerging risks.
Ensures a sound operational and compliance control environment through establishment of a system of internal controls.
Continuously monitor sources of risk within LOB KRIs, KPIs, QC functions, control testing, losses, fraud, incidents, and industry events. Identify control and policy/procedure updates.
Drive, track and report on issue identification and remediation.
Support process for constructive engagement with the Second and Third Lines of Defense regarding differences or conflicts in operational risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute.
Education: bachelor’s degree or equivalent work experience in Accounting, Business, Statistics, Risk Management, Information Systems/Security, Finance, Economics or equivalent field.
7+ years of Technology Risk Management, GRC, or Audit experience
Practical experience using industry frameworks such as COBIT, ITIL , NIST 800-53, CSA-CCM v4, Fed Ramp, CIS Benchmarks, to identify, assess, mitigate, and report information and operational risk.
Minimum 2+ yrs. of Cloud experience (adoption, implementation) in AWS, Azure, GCP is a must (AWS preferable).
Experience working directly in one or more of these Cloud domains - Solutions Architect, DevOps, SysOps, or Data Engineering – is highly desirable. Should have working knowledge of services such as (or equivalent to) AWS EC2, API Gateway, CodeCommit, CodePipeline, Lambda, S3, RDS, VPC, ELB, Route53, Auto-Scaling, IAM through AWS Console, and CloudFormation
Fundamental understanding of Cloud architectures, controls and risks from hands-on practical experience is a must.
AWS-Certified Cloud Practitioner foundational certification (or equivalent for other Cloud platforms) is highly desired, higher certification levels a strong plus.
AI/Machine Learning knowledge a plus
Risk Certification preferred (i.e., CRISC, CISM, CISA, etc.)
Demonstrated knowledge of operating in a regulated entity, preferably a ban
Drive results and meet deadlines to reduce risks in a fast-paced environment with minimal supervision.
Analyze highly complex business issues and produce results, opinions and recommendations that are conveyed in an easy-to-understand manner.
Strong ability to lead, partner, and influence across all leadership levels.
Excellent communication skills, including an ability to influence stakeholders across the organization, to speak effectively in small and large-group settings, and to write clearly in internal memos, presentations and e-mails
Strong attention to detail in a fast-paced work environment.
Fully accountable for timeliness, completeness, quality of projects, processes, products and services
Remains calm and focused on goals while facing pressures, obstacles or short-term setbacks.
Keeps up to date with external market events, pressures and regulations which may impact the organization and assesses whether similar issues exist in the organization.
Monitors adherence to policies, regulations, processes and procedures within function and actively undertakes corrective action where necessary.
Understands end to end processes across the organization and how processes are integrated.
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
Bachelor of Science (BS) English
Primary Location: Boston, MA, Boston
Other Locations: Massachusetts-Boston
Organization: Santander Bank N.A.
AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO
- Santander US Jobs