The Information Security function provides capabilities to efficiently safeguard information and technology assets for business and customer use. This individual will be a key member assessing and prioritizing risk across the organization, compliance with information security policies, and the development and reporting of information security metrics.
• Work closely with Santander US Information Security Governance, Risk and Compliance (GRC) team to address any New York related information security or related regulatory requirements to enhance information security maturity.
• Perform risk assessments and control gap analysis against Information Security Policies and Standards.
• Support coordination for closure of gaps identified with Standard Requirements and Cyber Risk Assessment methodology.
• Compliance, Governance and Risk Management activities related to New York Information Security program.
• Analysis, evidence gathering and documenting compliance with Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT), NYDFS 23 NYCRR 500 cybersecurity or any other regulatory requirements.
• Uplifting information security program requirements and evidence repositories and workflows
• Create, organize, and articulate summarized risk findings that are clear and actionable by business stakeholders, reduce risk by helping to prioritize and drive remediation efforts throughout the organization, and contribute to risk management, treatment, and reporting process efforts to protect data assets.
Bachelor’s or undergraduate degree in Information Systems or Information Technology or equivalent work experience in Information Technology, Information Systems, project management, or equivalent field.
SKILLS AND EXPERIENCE:
• Preferably 0-3 years’ experience in information security, governance, IT audit, or information technology risk management
• Experience with risk assessments and compliance of major regulatory initiatives (e.g. SOX, NYDFS)
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.)
• Possess the ability to perform under pressure in a challenging environment
• A hunger to learn and take on challenging opportunities contributing to the success of the information security team.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
• Proven ability to work in a team environment
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
• Languages: English, Spanish (Nice to have)