Sr. Associate, Operational Risk
Company: Santander Holdings USA Inc
Location: Dallas
Posted on: May 16, 2022
Job Description:
Dallas, United States of America
WHAT YOU WILL BE DOING
The Sr. Associate for Information Risk Management is responsible
for the strategic development, implementation, and effective
execution of activities in the Information Risk Management (IRM)
program. The key program elements include internal
loss, external loss, risk assessment, business impact assessments,
KRIs, scenario analysis / stress testing, awareness, and
communication, issues and remediation planning, tracking, MIS and
reporting, testing, compliance, and monitoring.
Essential Functions:
Analyzes and measures performance, monitors trends, and defines limits
for Santander Consumer USA IRM Risk exposures in
accordance with Risk Appetite.
Assists in the ongoing oversight of IRM as part of the established
Operational Risk (OR) Framework in support of the first line of
defense.
Contributes to escalation, reporting, and communication to Risk
Governance Forums.
Helps drive a culture of risk awareness.
Supports the creation, management, and development of IRM program
strategy, policies and models within Santander Consumer USA to
reduce risk for technology operations and Information and Cyber
Security.
Requirements:
Education -
Bachelor's Degree: Business, Finance, Management, or equivalent
field.
or equivalent work experience
Experience -
8+ years Risk Management or Governance, Risk and Compliance
(GRC)
8+ years combined in Information Technology, Cyber or Information
Security
3-6 years Financial Services industry
Primary Skills -
IT Asset Inventory and CMDB
Network Security incl. Firewall and Segmentation
Incident & Change Management
Technology Architecture
Basic Technology Risk requirements -
Review and analysis of security-related configuration and hardening
standards for Windows, ESX, and RedHat servers, Windows
laptops/desktops, SQL Server database and network technologies
within the enterprise.
Reviewing configuration and policies of Information Security
Scanning Tools covering operating systems and databases.
Review and challenge compliance metrics published by corporate-wide
audience and prepare conclusions for review by ORM (Operational
Risk Management) and senior management.
Review and verify compliance with Information Security related
standards and process documentation (e.g. End User Computing and
Macro Governance)
Supporting internal and external audit exercises.
Regulatory Knowledge: Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley
(SOX), OCC Heightened Standards, FFIEC Guidelines, NYDFS, GDPR
General Skills & Abilities -
Strong operational risk management principles, methodologies and
tools, governance principles and activity preferably in a financial
services technology environment.
Ability to independently operate in a complex, matrixed
environment; adept at delivering and maintaining productive working
relationships across business, functions, geographies and lines of
defense
Advanced technology or operational risk, process, and control
validation and/or assessment skills.
Ability to handle conflict resolution with other groups to ensure
appropriate accounting guidance is followed.
Ability to adjust to new developments/changing circumstances.
Ability to convey a sense of urgency and drive issues/projects to
closure.
Ability to effectively interact with the market, executive
management and vendors.
Ability to adapt and adjust to multiple demands and competing
priorities.
Excellent written and oral communication skills.
Excellent analytical, organizational and project management
skills.
Strong project management skills.
Preferred general technical Skills - A general understanding,
working or auditing knowledge of the majority of areas listed is
preferred: Microsoft Windows, Red Hat Linux, IBM AIX, IBM
Mainframe/Midrange, VMWare ESXi, LAN/WAN/MAN Networking, Firewall
Technologies, Intrusion Detection/Prevention Systems (IDS/IPS),
Security Information and Event Management (SIEM), Cloud Computing,
Web Proxies, SQL/Oracle/DB2 Database Technologies, Storage Area
Networks (SAN) and Network Attached Storage (NAS), Email Systems,
End-User Computing, Web Servers
Preferred Certification -
CISSP (ISC2), CISM (ISACA), GIAC (SANS), CRM, CISA (ISACA), CRISC
(ISACA), IT Risk Fundamentals (ISACA), Certified Business
Continuity Professional (CBCP, issued by the DRI), AWS or Azure
Cloud Security Certification
Santander is an equal opportunity employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, genetics, disability, age, veteran status or any
other characteristic protected by law.
Working Conditions: Frequent minimal physical effort such as
sitting, standing and walking. Occasional moving and lifting
equipment and furniture is required to support onsite and offsite
meeting setup and teardown. Physically capable of lifting up to
fifty pounds, able to bend, kneel, climb ladders.
Employer Rights: This job description does not
list all of the job duties of the job. You may be asked by your
supervisors or managers to perform other duties. You may be
evaluated in part based upon your performance of the tasks listed
in this job description. The employer has the right to revise this
job description at any time. This job description is not a contract
for employment and either you or the employer may terminate at any
time for any reason.
WHAT WE ARE LOOKING FOR
EXPERIENCE
EDUCATION Bachelor of Science (BS)
COMPETENCIES
Primary Location: Dallas, Texas, United States of America
Other Locations: Texas-Dallas
Organization: Santander Consumer USA Inc.