Senior Associate Information Risk Management

Key Skills

Aartificial intelligence, AWS, Azure, Data Engineering, Design, DevOps, Effective communication skills, Google Cloud Platform (GCP), KPIs, Machine learning techniques, Management, Planning and organization

Job Description

The Senior Associate will be part of a dedicated team and execute against IRM strategy and conduct independent risk assessments/review and challenge on technology, fraud, payments, and third-party projects/processes/controls for a new digital bank platform being deployed both on-prem and in the AWS cloud. This role is expected to be able to lead assessments, identify and assess risks, document findings and opinions, and report and escalate as necessary to executive management or corporate risk partners. This role will need to work in close partnership with all lines of internal risk management peers including other first line of defense teams, corporate risk functions and internal audit. This role requires a combination of financial services (ideally US banking) risk management and cloud technology experience and expertise.

RESPONSBILITIES:

• Identifying risks and requirements related to regulations and policies

• Mapping risks and requirements to product functionality and processes

• Reviewing configuration, controls and mitigation activities against risks

• Assessing testing designs and approach and review test result output

• Preparing materials for risk and compliance governance meeting review and signoff

• Manage delivery timelines and develop materials to ensure IRM independent opinion appropriately represented during committee meetings, external exams and internal audits.

• Ensure all activities and deliverables achieve their timeliness, quality and accuracy service levels.

• Help keep CIRO informed on status of program execution and emerging risks.

• Ensures a sound operational and compliance control environment through establishment of a system of internal controls.

• Continuously monitor sources of risk within LOB KRIs, KPIs, QC functions, control testing, losses, fraud, incidents, and industry events. Identify control and policy/procedure updates.

• Drive, track and report on issue identification and remediation.

• Support process for constructive engagement with the Second and Third Lines of Defense regarding differences or conflicts in operational risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute.

QUALIFICATIONS:

• Education: bachelor’s degree or equivalent work experience in Accounting, Business, Statistics, Risk Management, Information Systems/Security, Finance, Economics or equivalent field.

• 7+ years of Technology Risk Management, GRC, or Audit experience

• Practical experience using industry frameworks such as COBIT, ITIL , NIST 800-53, CSA-CCM v4, Fed Ramp, CIS Benchmarks, to identify, assess, mitigate, and report information and operational risk.

• Minimum 2+ yrs. of Cloud experience (adoption, implementation) in AWS, Azure, GCP is a must (AWS preferable).

• Experience working directly in one or more of these Cloud domains - Solutions Architect, DevOps, SysOps, or Data Engineering – is highly desirable. Should have working knowledge of services such as (or equivalent to) AWS EC2, API Gateway, CodeCommit, CodePipeline, Lambda, S3, RDS, VPC, ELB, Route53, Auto-Scaling, IAM through AWS Console, and CloudFormation

• Fundamental understanding of Cloud architectures, controls and risks from hands-on practical experience is a must.

• AWS-Certified Cloud Practitioner foundational certification (or equivalent for other Cloud platforms) is highly desired, higher certification levels a strong plus.

• AI/Machine Learning knowledge a plus

• Risk Certification preferred (i.e., CRISC, CISM, CISA, etc.)

• Demonstrated knowledge of operating in a regulated entity, preferably a ban

• Drive results and meet deadlines to reduce risks in a fast-paced environment with minimal supervision.

• Analyze highly complex business issues and produce results, opinions and recommendations that are conveyed in an easy-to-understand manner.

• Strong ability to lead, partner, and influence across all leadership levels.

• Excellent communication skills, including an ability to influence stakeholders across the organization, to speak effectively in small and large-group settings, and to write clearly in internal memos, presentations and e-mails

• Strong attention to detail in a fast-paced work environment.

• Fully accountable for timeliness, completeness, quality of projects, processes, products and services

• Remains calm and focused on goals while facing pressures, obstacles or short-term setbacks.

• Keeps up to date with external market events, pressures and regulations which may impact the organization and assesses whether similar issues exist in the organization.

• Monitors adherence to policies, regulations, processes and procedures within function and actively undertakes corrective action where necessary.

• Understands end to end processes across the organization and how processes are integrated.

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.