Sr. Associate, Information & Cyber RiskRisk Dallas, Texas
Summary of Responsibilities:
Santander Consumer is looking to hire a qualified candidate to fill a key Information & Cyber Risk Management position in our Information Risk Management team. We are looking for experienced candidates with solid Information, Cyber & Technology risk or audit background and experience in developing and managing information technology, information & cyber security or similarly complex programs in the Financial Services industry.
Qualified candidates will be part of the 2nd line of defense Information Risk Management team responsible for defining risk frameworks and policy, and providing oversight, review and credible challenge of risk management activities owned and managed by the 1st line of defense. These roles will report to the Director of Cybersecurity Risk Management.
Qualified candidates are responsible for leading, and/or participating in, high-profile information & cyber risk management initiatives, including risk program transformation activities and supporting other critical deliverables. Senior team members play an active role in providing thought leadership, strategic thinking and providing hands-on training to less experienced team members.
- Provides 2nd Line risk oversight of the Information & Cyber Risk Management Program and provides direct 2nd Line support for the Information Technology, Information Security, Business Continuity Management and Records Management Programs, including policies/standards/procedures, strategies, material risks, risk reporting routines and metrics.
- Independently serves as a trusted partner and risk advisor to key stakeholders and business partners across all lines of defense.
- Credible review and challenge of 1st Line Risk and Control Self-Assessments, including process mapping, identification and assessment of risk, identification of controls, and assessments of control design and effectiveness.
- Provide direct support for regulatory exams and interactions, including assessing risk remediation/mitigation activities.
- Perform independent risk assessments of information & cyber risk management related disciplines, including information technology, information & cyber security, business continuity management and disaster recovery and records management.
- Positively contribute to the risk culture and overall awareness of information risk and contribute to the creation and delivery of information risk management training.
- Performs other duties and special projects as assigned.
- Bachelor’s degree in business information systems or other IT related field, or equivalent combination of education and experience, required
- 9-12 years’ experience in IT or Information Security risk management related role, inclusive of internal audit experience
- Excellent analytical, technical and problem solving skills, with strong attention to detail
- Exceptional verbal and written communication, collaboration, and time management skills
- Ability to adapt to various work environments, industries, and project schedules
- Ability to work effectively in a team environment with all levels of personnel
- Ability to travel up to 10%
- Ability to maintain confidentiality Preferences:
- Experience in IT professional risk & control organization or advisory firm a plus
- Experience in risk governance, data protection identity and access management, threat management and risk assessments preferred
- Professional certification(s) such as CISA, CISSP, CRISC preferred
- The working conditions described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Extended working hours may be required as dictated by management and business needs.
- Travel up to 10% may be required.
- May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
- May be required to sit and review information on a computer screen for long periods of time.
- May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.
- Corporate / satellite office role.
Employer’s Rights: This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.