The Sr. Associate, Information Risk Management, is responsible for the strategic development, implementation, and effective execution of the Information Risk Management program by identifying and assessing technology-related risks. 

• Provide credible review and challenge of 1st Line Risk and Control Self-Assessments, including process mapping, identification and assessment of risk, identification of controls, and assessments of control design and effectiveness to promote a culture of risk awareness and accountability.

• Collaborate with internal stakeholders, including technology teams, senior management, and business units, to communicate risk management objectives, priorities, and initiatives.

• Provide review and challenge of key risk indicators (KRIs), risk appetite statements and top of house metrics.

• Analyzes, measures performance, monitors trends, defines limits according for exposures in accordance to Risk Appetite and incompliance with the company’s policies.

• Lead assessments, identify and assess risks, document findings and opinions, and report and escalate as necessary to executive management or corporate risk partners.

• Perform independent risk assessments of information risk management related disciplines, including technology infrastructure, information security, end user computing and business resilience.

• Review information security policies, procedures, and controls to safeguard the confidentiality, integrity, and availability of data and systems.

• Knowledge of relevant laws, regulations, and industry standards and frameworks related to technology risk management.

Qualifications:

• Bachelor’s degree in Information Technology, Computer Science, Risk Management or equivalent field or equivalent work experience; advanced degree or relevant professional certifications (e.g., CISSP, CRISC, CISA) preferred.

• Work Experience: 8+ years in Information Risk Management in Financial Services Industry with a track record of successfully leading risk management initiatives in a complex organizational environment.

• Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks and develop effective mitigation strategies.

• Strong understanding of industry best practices, standards, and frameworks related to technology risk management, such as ISO 27001, NIST Cybersecurity Framework, and COBIT.

• Strong communication and interpersonal skills, with the ability to effectively interact with stakeholders at all levels of the organization.

• Ability to independently operate in a complex, matrixed environment; adept at delivering and maintaining productive working relationships across business, functions, geographies, and lines of defense.

• Advanced nonfinancial risk, process, and control validation and/or assessment skills.

• Ability to direct, train and guide peers, subordinates, and management.

• Ability to adjust to new developments/changing circumstances and have the ability to adapt and adjust to multiple demands and competing priorities.

At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

Primary Location: Boston, MA, Boston

Other Locations: Massachusetts-Boston,Texas-Dallas,Florida-Coconut Grove

Organization: Santander Holdings USA, Inc.