Director, GRC & CISO Office, Information Security

Director, GRC & CISO Office, Information Security

Country: United States of America

Your Journey Starts Here:

Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. We are committed to creating an environment where continuous learning and development are prioritized, enabling you to thrive both professionally and personally. Here, you will find ample opportunities to connect and collaborate with talented colleagues from around the world, sharing insights and driving innovation together. Join us at Santander, where you are supported by a culture of engagement and a commitment to your success.

An exciting journey awaits, if you are interested in exploring the possibilities We Want to Talk to You!

The Difference You Make :
The Director, Information Security designs, develops, operates and manages comprehensive security architectures, strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. They mitigate and manage cyber security threats, ensure systems availability, align with global regulatory risk and compliance requirements, and manage systems and network complexity.

The incumbent leads development and/or implementation of significant or Company-wide Technology Controls / Information Security strategies, policies, programs, tools and provides expert advice and guidance on technical solutions. The Director oversees control and governance activities and identifies and assesses potential security risks, breaches/ exposures impacting highly complex / high risk businesses or transformational (change the bank) strategic initiatives primarily interfacing with executive and/or functional stakeholders across the organization.

• Part of the Office of CISO responsible for creating, organizing, and articulating summarized risk findings that are clear and actionable by technology and business stakeholders, reduce risk by helping to prioritize and drive remediation efforts throughout the organization, and contribute to risk management, treatment, and reporting process efforts to protect data assets.
• Provide support to the CISO for day-to-day actives included but not limited to reviewing exception requests, access requests and operational tickets.
• Establishes expectations, oversees risk metrics and compliance, and drives awareness in the business of information security and cyber risk frameworks, policies and standards.
• Governance, Risk Management, and Compliance activities related to New York Information Security program as part of the broader Santander US Information Security Governance, Risk and Compliance (GRC) function.
• Perform risk assessments and control gap analysis against Information Security Policies and Standards.
• Support coordination for closure of gaps identified with Standard Requirements and Cyber Risk Assessment methodology.
• Work with the CISO and Business to define a plan and create materials to support information security awareness through CIB client engagements.
• Analysis, evidence gathering and documenting compliance with internal and industry frameworks and regulatory requirements including the Cyber Risk Institute Profile, NYDFS 23 NYCRR 500 cybersecurity or any other regulatory requirements.
• Uplifting information security program requirements and evidence repositories and workflows

What You Bring :
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Bachelor's Degree or equivalent work experience: Computer Science, Engineering or Information Technology Management, or equivalent field. - Required.

12+ Years Experience in information security, governance, IT audit, or risk management.

• Experience in information security, project budget, project financials, IT audit, or information technology risk management
• Experience with risk assessments and compliance of major regulatory initiatives (e.g. SOX, NYDFS)
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.)
• Possess the ability to perform under pressure in a challenging environment
• A hunger to learn and take on challenging opportunities contributing to the success of information security team
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects
• Proven ability to work in team environment
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
• Ability to communicate concisely, effectively and directly to executive management

It Would Be Nice For You To Have :
Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.

What Else You Need To Know :

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range

Minimum:

$127,500.00 USD

Maximum:

$225,000.00 USD

Link to Santander Benefits:

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions :

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required .

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next :

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at [email protected] to discuss your needs.

Primary Location: New York, NY, Liberty Street

Other Locations: New York-New York

Organization: Santander US Capital Markets LLC