Summary of Responsibilities:
- The Information Risk Analyst III will support the Santander Consumer USA Information Risk Management teams. The role will support the identification, assessment, mitigation, management, monitoring and reporting of information security risk. The Senior Analyst shall work with business functions, corporate areas and clients and partners to implement and maintain practices in line with SC defined policies and standards for information risk and security, reflective of corporate, regulatory and industry best practices.
- Supports Information Risk management in the execution of risk management duties and activities, including risk assessment, monitoring and remediation efforts.
- Monitors mitigation plans from findings, affecting the information risk environment of the Company.
- Maintains and strengthens governance mechanisms including policies, procedures and standards.
- Analyzes and identifies Information Risk weaknesses, developing, agreeing and tracking remediation activity with management.
- Collaborates with business areas and management to support Information Risk activities including risk assessment and risk monitoring maintenance and development.
- Maintains effective mechanisms for reporting of Information Risk issues affecting SC.
- Performs other duties and special projects as assigned.
- Bachelor’s degree in business information systems or other IT related field, or equivalent combination of education and experience, required
- Five (5) + years’ experience in IT or Information Security risk management related role, inclusive of internal audit experience
- Excellent analytical, technical and problem solving skills, with strong attention to detail
- Exceptional verbal and written communication, collaboration, and time management skills
- Ability to adapt to various work environments, industries, and project schedules
- Ability to work effectively in a team environment with all levels of personnel
- Ability to travel up to 10%
- Ability to maintain confidentiality Preferences:
- Experience in IT professional risk & control organization or advisory firm a plus
- Experience in risk governance, data protection identity and access management, threat management and risk assessments preferred
- Professional certification(s) such as CISA, CISSP, CRISC preferred
- The working conditions described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Extended working hours may be required as dictated by management and business needs.
- Travel up to 10% may be required.
- May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
- May be required to sit and review information on a computer screen for long periods of time.
- May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.
- Corporate / satellite office role.
Employer’s Rights: This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.