Director, Infrastructure Security
Job Family: Information Technology
Designs, analyzes and supports the company's information technology structure, systems and processes. Acquires, designs, implements and operates the company's information technology resources (e.g., computer hardware, operating systems, communications, software applications, data, databases, etc.). Deploys, acquires, maintains and ensures security of information technology assets. Plans and tests processes to ensure compliance with system requirements, business objectives, security standards and other technical requirements.
Job Function: Information Security
Develops, manages and operates security services that assess, prioritize and mitigate information security and technology risk. Includes cyber security threat services, access management services and technology risk assessments. Designs network security perimeter architecture and relevant security controls. Reviews internal and external IT projects and applications for risk and adherence to security policies and industry best practices. Participates on internal security project teams to deploy security technologies and to make recommendations for hardware/software products for future release. Liaises with vendors for various security infrastructure-related products and services.
Summary of Responsibilities:
The Director, Information Security actively works with the lines of business to ensure that technology development and production are performed in accordance with organizations standards and applicable laws. The incumbent reports to the Sr. Director, Chief Information Security Officer, and works to establish and maintain the Information Security policy for the Corporation and ensures compliance to Santander Corporate Policy. This position reviews, designs and develops security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance.
Develop and maintain security infrastructures and programs in accordance with established organizational policies and procedures, including working closely with Santander Consumer USA’s IT and business teams.
Develop and implement tools and technology to monitor compliance with company security policies and procedures, as well as laws and regulations.
Provides strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.
Provides consultation to IT Application Development to ensure software developed meets the requirements of security policy.
Works with Santander Privacy Officer to fulfill the information technology requirements of the GLB Act and various state privacy laws.
Partners with examiners and auditors on technology examinations gathering information and responding to findings.
Partners with Santander third party providers to ensure adequate security controls are implemented, monitored and reported to the Company.
Manages the IT platforms and network security processes and personnel.
Recruits, trains, develops, motivates, sets goals, and provides on-going feedback to a team of direct reports.
Other duties as assigned.
Manages subordinate managers and professional staff. Is responsible for the strategic guidance, development and evaluation of employees. Carries out supervisory responsibilities in accordance with Santander’s policies and applicable laws.
o Bachelor's Degree: in Computer Science or equivalent field.
o or equivalent work experience
o 9-12 years Experience in information security, governance, IT audit, or risk management.
o Experience in a technical security engineering or operations role, including network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing.
Skills & Abilities -
o Comfortable working with executive and technical leadership around the company to inform on cyber threats and discreetly handle sensitive matters.
o Strong general technology background
o Experience in Information Security along with related financial institution experience
o Strong leadership skills and the ability to lead by example
o Ability to drive execution of aggressive goals through effective planning, prioritization, resource management and follow through.
o Demonstrated experience with information security frameworks
o Ability to manage multiple, ongoing initiatives
o Strong communications skills
o Ability to foresee industry trends
o Ability to maintain and implement best practices within field
o High level understanding of Information Security threats and maintenance
o Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
o Demonstrated ability to frame security and risk-related concepts to both technical and nontechnical audiences.
o Experience working with business process reengineering and IT solutioning; experience working on project teams bringing together both business & technology. Capable of explaining technical concepts to a non-technical audience.
o Demonstrated experience in handling cyber incidents and response in similar critical environments
o Proficient in preparation of reports, dashboards and documentation
o Advanced knowledge of network protocols and operating systems
o Advanced networking and operation tools (i.e. – Log management, Firewall management, Proxy, SIEM, etc…)
Licenses & Certifications -
o Relevant professional certifications or working towards attainment such as: GCIH/GSEC, CISM, CISA, CISSP, CRISC
Frequently: Minimal physical effort such as sitting, standing, and walking.
Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.
Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.
To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:
- Completion of at least one year of active service in Santander
- Completion of at least twelve months in current position
- Be in "Good Standing"
Please click here to see the full policy- https://tbcdn.talentbrew.com/company/1771/internal_v2_0/img/eligibility.pdf