Senior Associate, Cyber and Digital Risk Management

Senior Associate, Cyber and Digital Risk Management

Country:
United States of America

It Starts Here:

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology‑driven organization. Our people are at the heart of this journey and together, we are driving a customer‑centric transformation that values bold thinking, innovation, the courage to challenge what’s possible. This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference.

We want to talk to you!

The Sr Associate Cyber and Digital Risk Management monitors activities to minimize the company's exposure to information security risks. Activities may include second line of defense independent assurance over technical cyber risk analysis, risk identification and remediation. The incumbent shall support the preservation of digital trust and ensure that the oversight is adequate to minimize compliance and regulatory risk by resolving issues and ensuring adherence to industry good practice frameworks, company and legal standards.

Responsible for ensuring that the company's activities adhere to the necessary rules and regulations, and that the company complies with legal/regulatory statutes and jurisdictions, as they relate to the management of cyber and digital risks.

The Senior Associate, Cyber and Digital Risk Management is responsible for independent risk management and assurance activities over the assigned business area’s technology footprint covering Information Security, Cyber Resilience, Cyber Fraud and Data Security (incl. Retention and Disposal) as part of the second line of defense Technology Risk Management organization.

• Establish themselves as one of the second line of defense subject matter experts for key stakeholders in the management of cybersecurity and technology risks across all operating entities
• Identify and assess cybersecurity risks and participate in the independent and ongoing risk oversight of key technology components of the firm’s digital transformation initiatives
• Participate in evaluation of new products, business changes and projects and assess related cybersecurity risks and impact to the technology risk profile
• Participate in the evaluation and management of cybersecurity risks related to third‑party suppliers involved in technology and business projects
• Manage and execute targeted risk reviews designed to evaluate information security risks and their effective and sustainable mitigation
• Perform review and challenge of first line of defense information security risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances) and support the development of risk opinions for various levels of management
• Analyze information security/cyber risk data from various sources (e.g. external events, control deficiencies, risk register) to identify and measure levels of risk, concentration, trends and patterns
• Develop the AI Use case Information security assessment framework from 2nd line perspective and perform assessments for a variety of use cases
• Contribute to the updating of existing information security policies and framework or develop new ones that steer the safe and sound adoption of technologies across the organization
• Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the cyber risk horizon
• Be able to analyze, assess and advise on remediation of regulatory findings, correction of any inconsistencies and monitor resolution
• Prepare information to enable governance committees or working groups in the management oversight of cybersecurity and technology risks
• Support process for constructive engagement across the Lines of Defense regarding differences or conflicts in risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute
• Initiate timely escalations to the Sr. Director, Cyber & Digital Risk and to the leadership team

To perform this job successfully, an individual…