Business Information Security Officer - Commercial Banking

Boston, Massachusetts


Solid handshake? Winning smile? Big, bold and bright ideas? If that sounds like you, it’s time to drop everything and start getting excited – because we’re waiting to welcome you to an awesome future. One where you’ll be able to give your entrepreneurial spirit room to grow as you build a rewarding career alongside people as friendly and enthusiastic as you are. So get some screen time with the videos below, and discover how you can Santander.

Success Profile

What makes someone successful at Santander?
Check out the top traits we’re looking for and see if you have the right mix.

  • Enthusiastic
  • Entrepreneurial
  • Outgoing
  • Personable
  • Problem-solver
  • Results-driven

Benefits & Rewards

  • Healthcare

    Medical, Dental, Vision, Pre-tax Health Accounts, Short- and Long-term Disability, EAP, Health Advocate Services

  • Savings Plans

    401(k) Retirement Plan, Up to 5% 401(k) Matching, Additional Investment Options

  • Family Support

    Paid Parental Leave, Adoption Assistance, Dependent Care FSA, Tax-advantaged Transit/Parking, Legal Assistance Plan

  • Insurance

    Life, accidental death, business travel accident, long- and short-term disability insurance coverage

  • Additional Perks

    Tuition and computer purchase reimbursement, plus discounts for cell phone, fitness and auto/home insurance

  • Work/Life Balance

    Paid Time Off (PTO), Holiday Time Off, Volunteer PTO, Travel Discounts

Job Description

Req ID: 2103169

The Business Information Security Officer (BISO) operates within the First Line of Defense to execute the Information Security and Information Risk Framework, ensuring compliance with Regulations, Heightened Standards, and Corporate Policy. The BISO will help champion the Information Security mandate, acting as a critical partner guiding stakeholders to embed information risk management practices in the 1st line. The BISO serves as a subject matter expert by advising and guiding enterprise-wide initiatives such as risk assessments, KPI development, and remediation of issues and cyber risks. Evaluations require collaboration with various stakeholders while influencing parties towards strategic goals. The BISO acts as a liaison between Business Unit(s) managers and information security teams to manage information security and cybersecurity risks for the Business Unit(s) people, process and technology.

  • Analyzes, evaluates and provides strategic guidance and direction for information security programs, policies and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices
  • Develops and implements appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for information and cybersecurity risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit
  • Develops, implements and monitors information security compliance program and controls for the assigned area. Identifies gaps in controls, proposes solutions, and implements corrective actions
  • Drives projects to implement the necessary changes to policy, procedures and processes in order to achieve the Business Unit(s) conformance to the organization's information security controls
  • Effectively partners with line of business to solicit information and to mitigate risk
  • Provides advisory support for regulatory examinations and audits by defining the how and why for all implemented decisions; ensures all requested documentation is provided
  • Recognized as a subject matter expert by advising and guiding enterprise-wide initiatives such as risk assessments, KPI development, and remediation of issues
  • Reports to management on cybersecurity developments and risks/issues identified within assigned area. Regularly provides reports to Business Unit(s) management on progress. Supports Business Unit team members in the resolution of Risk related issues.

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We encourage everyone to apply.

  • Bachelor's Degree; Information Security, Cybersecurity, Computer Science, Risk Management, Information Systems or equivalent field or equivalent work experience
  • Master's Degree (optional); Information Security, Cybersecurity, Computer Science, Risk Management, Information Systems or equivalent field or equivalent work experience
  • Strong knowledge of the implementation and control objectives of Identity and Access Management, Vulnerability Management, Incident Management, Cyber Resiliency, Data Loss Prevention, Insider Risk, Network Security, information control frameworks, information risk assessments, Vendor Management, Privileged Access Management, Risk Management, IT Asset Management, Data Classification, KPI/KRIs
  • 12-15 years; Information Security, Cybersecurity, Information Risk experience
  • Information Security/Risk Certification
  • Ability to anticipate the impact of cybersecurity and other environmental factors and proactively take action to ensure the team/function/enterprise is prepared
  • Ability to build credibility with, collaborate with, and influence line of business executives
  • Ability to build internal and external networks of information resources within the information security ecosystem
  • Ability to collaborate with internal and external service providers to establish resource requirements, scheduling, assignments and service levels
  • Ability to constructively work both independently and in collaborative environments involving all levels of management and employees
  • Ability to work with limited oversight from manager
  • Advanced knowledge of the financial services sector, particularly with the competitive dynamics and products in retail banking and risk management
  • Advanced understanding of the cybersecurity environment and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators
  • Demonstrated experience executing information security control projects across multiple business lines offering a wide variety of financial services products and services
  • Demonstrated judgement in escalation, ensuring risk-based clear line of sight for senior executives into existing and emerging issues/incidents
  • Demonstrated thought leadership and application of operational risk identification and mitigation practices and procedures
  • Excellent analytical and complex problem-solving skills
  • In-depth research and analysis skills for more complex and critical data; ability to interpret and communicate industry trends
  • Strong understanding of NIST Cybersecurity Framework and industry leading practices
  • Superior project management skills
  • Minimal physical effort such as sitting, standing, and walking
  • Brings out the best in each team member by consistently motivating and acknowledging peer contributions
  • Understands and leverages team dynamics
  • Effectively conveys difficult or complex information in an easy-to-understand manner, by providing the big picture and illustrating important linkages
  • Asks open-ended questions that encourage others to give their points of view
  • Ensures people receive the information they require, and brings the team together to share information
  • Ensures that all directs and colleagues have appropriate knowledge of information risk and the regulatory environment
  • Investigates and identifies the root cause and corrects items deemed non-compliant, regardless of pressures from business or management
  • Fully accountable for timeliness, completeness, quality of projects, processes, products and services
  • Remains calm and focused on goals while facing pressures, obstacles or short-term setbacks
  • Improves relationships between key individuals to achieve seamless cross-team workflow and positively impact results
  • Uses informal networks to gain support for ideas and projects
  • Keeps up to date with external market events, pressures and regulations which may impact the organization and assesses whether similar issues exist in the organization
  • Can identify functional and organizational implications associated with major trends
  • Designs solutions to address industry activities that impact the organization
  • Monitors adherence to policies, regulations, processes and procedures within function and actively undertakes corrective action where necessary
  • Understands end to end processes across the organization and how processes are integrated
  • Has a practical knowledge of regulations impacting area supported

Primary Location: Boston, Massachusetts, United States

Other Locations: New York-New York, New Jersey-Florham Park, New York-New York, Rhode Island-Providence, Massachusetts-Dorchester, Rhode Island-East Providence, New Jersey-Holmdel, Massachusetts-Boston

Organization: Santander Bank, N.A.

