Associate – Information Security

Associate – Information Security

Requirements

• Bachelor’s or undergraduate degree in Information Systems or Information Technology or equivalent work experience in Information Technology, Information Systems, or equivalent field.
• Preferably 5-9 years’ experience in information security, information technology, governance, IT audit, patch management, vulnerability management, penetration testing, risk management or similar areas.
• Experience with risk assessments and compliance with major regulatory initiatives (e.g. SOX, NYDFS).
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
• Working knowledge of security systems or tools such as Qualys, Microsoft SCCM, Ansible, Red hat satellite, Service Now (SNOW), CMDB.
• Possess the ability to perform under pressure in a challenging environment.
• A hunger to learn and take on challenging opportunities contributing to the success of information security team.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
• Proven ability to work in team environment.
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.

Responsibilities

• Designs, analyzes and supports the company’s information technology structure, systems and processes.
• Deploys, acquires, maintains and ensures security of information technology assets.
• Plans and tests processes to ensure compliance with system requirements, business objectives, security standards and other technical requirements.
• Mitigate and manage cyber security threats, ensure systems availability, align with global regulatory risk and compliance requirements, and manage systems and network complexity.
• Leads development and/or implementation of significant or Company-wide Technology Controls / Information Security strategies, policies, programs, tools and provides expert advice and guidance on technical solutions.
• Oversees control and governance activities and identifies and assesses potential security risks, breaches/ exposures impacting highly complex / high risk businesses or transformational (change the bank) strategic initiatives primarily interfacing with executive and/or functional stakeholders across the enterprise.
• Works with the lines of business to ensure that technology development and production are performed in accordance with organizations’ standards and applicable laws.
• Establishes and maintains the Information Security policy for the Corporation and ensure compliance to Santander Policy.
• Assesses and prioritizes risk across the organization, compliance with information security policies, and the development and reporting of information security metrics.
• Protects the Company, customers and employees by mitigating and identifying technology threats to Santander.
• Creates vulnerability scanning schedule and performs scans on a periodic and on an ad Hoc basis to identify vulnerabilities.
• Conducts vulnerability assessment on the target IT Infrastructure, applications and related information assets.
• Builds a monthly scan plan for the vulnerability scanning team to ensure that vulnerability scans are performed on all assets noted in Configuration Management Database (CMDB).
• Identifies vulnerabilities to be analyzed and prioritized based on the Common Vulnerability Scoring System (CVSS).
• Identifies and monitors threats and vulnerabilities using threat intelligence.
• Designs, builds, maintains, and supports the company’s information security program.
• Deploys solutions and secure information assets.
• Provides expertise for cyber security technical and non-technical solutions; reviews and provides guidance enabling business system delivery in a manner that adheres to information security policy.
• Identifies and incorporates security capability requirements into security strategy.
• Establishes, tracks, and reports on key metrics.
• Participates in change request reviews to assess security risk and recommend solutions.
• Manages and monitors technology, audit and regulatory risk through governance, oversight, reporting and training initiatives / programs including management of audit and regulatory findings, regulatory reviews, process and strategic risk & control self-assessment, and key risk indicator program.
• Works closely with the Local and Global Information Technology and Information Security teams and Business Owners to address any open vulnerabilities, regulatory requirements or concerns to mature the information security program.
• Performs risk assessments and/or control gap analysis against Information Security Policies and Standards.
• Performs technical security assessments (e.g., Windows, UNIX, firewalls, routers, oracle, SQL server, etc.).
• Provides direction and acts as an escalation point on projects and issues to other team members.

Preferred Qualifications

• 5-9 years’ experience in information security, information technology, governance, IT audit, patch management, vulnerability management, penetration testing, risk management or similar areas.