Information Risk Management Senior Associate
Boston, United States of America
The Information Risk Management (IRM) Senior Associate (Sr. Associate, Operational Risk) will be part of a dedicated team and execute against IRM strategy conducting independent risk assessments, review of First Line of Defense Risk and Control Self-Assessment (RCSA) and challenge of infrastructure and information security controls within technology and cross functional technology across business lines.
This role is expected to be able to lead assessments, identify and assess risks, document findings and opinions, and report and escalate as necessary to senior management and corporate risk partners. This role will need to work in close partnership with all lines of internal risk management peers including other first line of defense teams, corporate risk functions and internal audit. This role requires a knowledge financial services (ideally US banking) risk management technology experience and expertise and regulatory requirements.
RESPONSBILITIES:
- Identifying risks and requirements related to regulations and policies
- Mapping risks and requirements to product functionality and processes
- Reviewing configuration, controls, and mitigation activities against risks
- Assessing testing designs and approach and review test result output
- Preparing materials for risk and compliance governance meeting review and signoff
- Manage delivery timelines and develop materials to ensure IRM independent opinion appropriately represented during committee meetings, external exams, and internal audits.
- Ensure all activities and deliverables achieve their timeliness, quality, and accuracy service levels.
- Keep CIRO informed on status of program execution and emerging risks.
- Ensures a sound operational and compliance control environment through establishment of a system of internal controls.
- Continuously monitor sources of risk within LOB KRIs, KPIs, QC functions, control testing, losses, fraud, incidents, and industry events. Identify control and policy/procedure updates.
- Drive, track and report on issue identification and remediation.
- Support process for constructive engagement with the First and Third Lines of Defense regarding differences or conflicts in operational risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute.
QUALIFICATIONS:
- Education: Bachelor's degree or equivalent work experience in Risk Management, Information Systems/Security, Computer Science, or equivalent field.
- 7+ years of Information Risk Management, GRC, or Audit experience
- Practical experience using industry frameworks such as COBIT, ITIL , ISO, NIST 800-53, CSA-CCM v4, Fed Ramp, CIS Benchmarks, to identify, assess, mitigate, and report information and operational risk.
- Fundamental understanding of Cloud architectures, controls and risks from hands-on practical experience is a must.
- AI/Machine Learning knowledge a plus.
- Risk Certification preferred (i.e., CRISC, CISM, CISA, etc.)
- C loud experience (adoption, implementation) in AWS, Azure, or GCP.
- AWS-Certified Cloud Practitioner foundational certification (or equivalent for other Cloud platforms) is highly desired, higher certification levels a strong plus.
- Drive results and meet deadlines to reduce risks in a fast-paced environment with minimal supervision.
- Analyze highly complex business issues and produce results, opinions and recommendations that are conveyed in an easy-to-understand manner.
- Strong ability to lead, partner, and influence across all leadership levels.
- Excellent communication skills, including an ability to influence stakeholders across the organization, to speak effectively in small and large-group settings, and to write clearly in internal memos, presentations, and e-mails
- Strong attention to detail in a fast-paced and changing work environment.
- Fully accountable for timeliness, completeness, quality of projects, processes, products, and services
- Remains calm and focused on goals while facing pressures, obstacles, or short-term setbacks.
- Keeps up to date with external market events, pressures and regulations which may impact the organization and assesses whether similar issues exist in the organization.
- Monitors adherence to policies, regulations, processes, and procedures within function and actively undertakes corrective action where necessary.
- Understands end to end processes across the organization and how processes are integrated.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
Primary Location: Boston, MA, Boston
Other Locations: Massachusetts-Boston,New Jersey-Florham Park,Florida-Coconut Grove,New York-New York,Rhode Island-East Providence
Organization: Santander Holdings USA, Inc.
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Salary: $112,500 - $160,000/year