Director, Security Assurance
Job Family: Information Technology
Designs, analyzes and supports the company's information technology structure, systems and processes. Acquires, designs, implements and operates the company's information technology resources (e.g., computer hardware, operating systems, communications, software applications, data, databases, etc.). Deploys, acquires, maintains and ensures security of information technology assets. Plans and tests processes to ensure compliance with system requirements, business objectives, security standards and other technical requirements.
Job Function: Information Security
Develops, manages and operates security services that assess, prioritize and mitigate information security and technology risk. Includes cyber security threat services, access management services and technology risk assessments. Designs network security perimeter architecture and relevant security controls. Reviews internal and external IT projects and applications for risk and adherence to security policies and industry best practices. Participates on internal security project teams to deploy security technologies and to make recommendations for hardware/software products for future release. Liaises with vendors for various security infrastructure-related products and services.
Summary of Responsibilities:
The Director, Information Security actively works with the lines of business to ensure that technology development and production are performed in accordance with organizations standards and applicable laws. The incumbent reports to the Director, Information Security, and works to establish and maintain the Information Security policy for the Corporation and ensures compliance to Santander Corporate Policy.
- Investigates security incidents and maintain Security Awareness program for the Corporation including articles, privacy training and Info Security.
- Provides consultation to ISBAN, an affiliated software development company to ensure software developed meets the requirements of security policy.
- Works with Santander Privacy Officer to fulfill the information technology requirements of the GLB Act and various state privacy laws.
- Partners with examiners and auditors on technology examinations gathering information and responding to findings.
- Partners with Santander Legal Department and affiliate company, Aquanima, to ensure appropriate security clauses are included in all technology contracts.
- Partners with Santander third party providers including Produban, an affiliated technology processing company, to ensure adequate security controls are implemented, monitored and reported to the Company.
- Manages the Incident Response processes and personnel.
- Coordinates response, triage and recovery activities for Information Security events impacting the Company’s information technology assets.
- Responds to and manages security events. Engages in security investigations and use tools to identify and report the outcomes of incidents to senior management.
- Performs real-time security incident handling and tracking (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support Incident Response Team.
- Correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Recruits, trains, develops, motivates, sets goals, and provides on-going feedback to a team of direct reports.
- Other duties as assigned.
Manages subordinate managers and professional staff. Is responsible for the strategic guidance, development and evaluation of employees. Carries out supervisory responsibilities in accordance with Santander’s policies and applicable laws.
- Education -
- Bachelor's Degree: in Computer Science or equivalent field.
- or equivalent work experience
- Experience -
- 9-12 years’ experience in information security, governance, IT audit, or risk management.
- Experience in a technical security engineering or operations role, including network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing.
- Skills & Abilities -
- Experience in providing oversight and guidance on third party risk management (TPRM) process, specifically address information security risk with vendors and business partners
- Experience in providing oversight and guidance on vulnerability management process and procedures to enable risk reduction and remediation across varying technology assets
- Familiar with regulatory compliance requirements (e.g. GLBA, NYDFS, CCPA), and the ability to develop and enhance processes, procedures and reporting that support the associated requirements
- Extensive experience with various types of security technologies that harden, monitor and protect servers and workstations in an enterprise compute environment with both Windows and Linux based systems as well other infrastructure devices (e.g. network devices, storage, etc.)
- Strong interpersonal skills that allow for the communication of highly technical details to non-technical personnel such as executive and business leaders or auditors
- Ability to address issues and solve problems leveraging resources that are not exclusively assigned to this position’s organization structure
- Ability to develop creative solutions that meet business requirements while also ensuring the protection of company data and technological resources
- Familiar with the unique risks associated with engaging third-party technology vendors and how to mitigate such risks
- Experience in managing multiple teams with different skill sets and BAU responsibilities but with one unifying goal of maintaining the security of the company’s technology assets including its data
- Comfortable working with executive and technical leadership around the company to inform on cyber threats and discreetly handle sensitive matters.
- Strong general technology background
- Experience in Information Security along with related financial institution experience
- Strong leadership skills and the ability to lead by example
- Ability to drive execution of aggressive goals through effective planning, prioritization, resource management and follow through.
- Demonstrated experience with information security frameworks
- Ability to manage multiple, ongoing initiatives
- Strong communications skills
- Ability to forsee industry trends
- Ability to maintain and implement best practices within field
- High level understanding of Information Security threats and maintenance
- Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
- Demonstrated ability to frame security and risk-related concepts to both technical and nontechnical audiences.
- Experience working with business process reengineering and IT solutioning; experience working on project teams bringing together both business & technology. Capable of explaining technical concepts to a non-technical audience.
- Demonstrated experience in handling cyber incidents and response in similar critical environments
- Proficient in preparation of reports, dashboards and documentation
- Advanced knowledge of network protocols and operating systems
- Advanced networking and operation tools (i.e. – Log management, Firewall management, SIEM, etc…).
- Licenses & Certifications -
- Incumbent must maintain a security certification.
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.
To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:
- Completion of at least one year of active service in Santander
- Completion of at least twelve months in current position
- Be in "Good Standing"
Please click here to see the full policy- https://tbcdn.talentbrew.com/company/1771/internal_v2_0/img/eligibility.pdf
- Frequently: Minimal physical effort such as sitting, standing, and walking.
- Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
- Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.
- This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
- The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.