Senior Technology Controls Tester - Lead

Information Technology Dallas, Texas


Description

The Sr. Associate, Business Control & Risk Management operates within the First Line of Defense to execute the Enterprise Risk Framework - ensuring compliance with Regulations, Heightened Standards, and Corporate Policy. The Sr. Associate will help champion the Business Control mandate acting as a critical partner guiding stakeholders to embed risk management practices in the 1st line. The Sr. Associate serves as a subject matter expert by advising and guiding enterprise wide initiative such as risk assessments, KPI development, remediation of issues. Evaluations require collaboration with various stakeholders while influencing parties towards strategic goals. May manage a small team in these efforts.

Essential Functions:

  • Recognized as a subject matter expert by advising and guiding enterprise wide initiative such as risk assessments, KPI development, remediation of issues.
  • Lead execution of Risk and Control Self-Assessment (RCSA) program in accordance with enterprise methodology.
  • Drives projects to implement the necessary changes to policy, procedures and processes in order to align the Business Unit(s) to the organization's OCC's practice standards.
  • Analyzes, evaluates and provides strategic guidance and direction for programs, policies and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices.
  • Acts as a liaison with Risk and Compliance or second line of defense- to develop and implement new policy requests/revisions, to complete all line of business related risk assessments, risk mandates, continuity plans, resolution plans and execution.
  • Provides advisory support for regulatory examinations and audits by defining the how and why for all implemented decisions; ensures all requested documentation is provided.
  • Supports Business Unit team members in the resolution of Risk related issues.
  • Develops and implements appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit.
  • Develops, implements and monitors compliance program and controls for the assigned area. Identifies gaps in controls, proposes solutions, and implements corrective actions.
  • Reports to management on regulatory developments and risks/issues identified within assigned Compliance area. Regularly provides reports to Retail Risk and Compliance Director on progress.
  • Effectively partners with line of business to solicit information and to mitigate risk.
  • Manages complex process evaluations across single or varied line of business.

Requirements:

Education -

  • Bachelor's Degree: Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field, or equivalent work experience
  • Master's Degree: Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field.

Experience -

  • 9-12 years Risk Management, Internal Controls, Auditing, Credit Management, relevant line of business experience and/or legal or regulatory experience.
  • 5-9 years 5-10 years experience in the Business Unit.
  • Prior experience with Risk and Control Self-Assessment (RCSA) / Cyber-risk assessment / Cyber security assessment / SOX testing is required.
  • Develop and document test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others.
  • Solid knowledge and understanding of at least few of technology areas across municipal technology platforms including Windows, LINUX, Network and IT Operations, and Virtualization to assess and test technology/info sec controls.  (Must be knowledgeable in at least few of these areas).  
  • Data analysis skills and ability to develop scripts to gather data required for control testing/assessment.  Automate Testing procedure where possible.
  • Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level testing. Obtain, review, and interpret evidence provided to validate controls are performed effectively and identify vulnerabilities, gaps, or control deficiencies.  Identify risks associated with control failures and supports the identification of mitigating controls.
  • Understanding of the products/services, systems, and associated risks/controls.
  • Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations.
  • Ability to accurately document control testing results in sufficient details.
  • Excellent presentation, interpersonal, written and verbal communication skills
  • Demonstrated thought leadership and application of operational risk identification and mitigation practices and procedures.
  • Advanced understanding of the regulatory environment and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators.
  • Demonstrated judgement in escalation, ensuring risk-based clear line of sight for senior executives into existing and emerging issues/incidents.
  • Understanding of regulations including internal controls, Sarbanes-Oxley (SOX), SOC, PCI, GLBA, and NYDFS compliance.
  • Ability to build credibility with, collaborate with, and influence line of business executives.
  • Excellent analytical and complex problem solving skills.
  • Superior project management skills.
  • Ability to constructively work both independently and in collaborative environments involving all levels of management and employees
  • Ability to build internal and external networks of information resources within the risk management ecosystem.
  • Ability to work with limited oversight from manager.
  • In depth research and analysis skills for more complex and critical data, interpret and communicate industry trends.

Licenses & Certifications -

  • CISA/CISSP/CRISC/Security+, Network +, or CCNA   Certification (at least one certification desired)
  • Data Analytics

Competencies:

Collaboration - Relationship Management:

  • Advanced - Leading and Guiding
  • Improves relationships between key individuals to achieve seamless cross-team work flow and positively impact results
  • Uses informal networks to gain support for ideas and projects

Collaboration - Teamwork:

  • Advanced - Leading and Guiding
  • Brings out the best in each team member by consistently motivating and acknowledging peer contributions
  • Understands and leverages team dynamics

Execution - Accountability:

  • Advanced - Leading and Guiding
  • Fully accountable for timeliness, completeness, quality of projects, processes, products and services
  • Remains calm and focused on goals while facing pressures, obstacles or short-term setbacks

Influence - Information Sharing:

  • Advanced - Leading and Guiding
  • Ensures people receive the information they require, and brings the team together to share information

Influence - Two-way communication:

Advanced - Leading and Guiding

  • Effectively conveys difficult or complex information in an easy to understand manner, by providing the big picture and illustrating important linkages
  • Asks open-ended questions that encourage others to give their points of view

Risk Business Acumen - Industry Acumen:

  • Advanced - Leading and Guiding
  • Keeps up -to-date with external market events, pressures and regulations which may impact the organization and assesses whether similar issues exist in the organization
  • Can identify functional and organizational implications associated with major trends
  • Designs solutions to address industry activities that impact the organization

Risk Management - Knowledge of Risk Management Policies, Regulations, Processes and Procedures:

  • Advanced - Leading and Guiding
  • Monitors adherence to policies, regulations, processes and procedures within function and actively undertakes corrective action where necessary
  • Understands end to end processes across the organization and how processes are integrated
  • Has a practical knowledge of regulations impacting area supported

Risk Management - Risk and Compliance Adherence:

  • Advanced - Leading and Guiding
  • Ensures that all directs and colleagues have appropriate knowledge of risk and the regulatory environment
  • Investigates and identifies the root cause and corrects items deemed non-compliant, regardless of pressures from business or management

Working Conditions:

  • Frequently: Minimal physical effort such as sitting, standing, and walking.
  • Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
  • Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.

Employer’s Rights:

  • This job description does not list all the duties of the job.  You may be asked by your supervisors or managers to perform other duties.  You will be evaluated in part based upon your performance of the tasks listed in this job description.
  • The employer has the right to revise this job description at any time.  This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.

#LI-PP1

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.

To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:

  • Completion of at least one year of active service in Santander
  • Completion of at least twelve months in current position
  • Be in "Good Standing"

Please click here to see the full policy - http://thesource.sov.gs.corp/assets/Internal-Recruitment-Guidelines.pdf