US Head, Business Information Security Officer

BOSTON, Massachusetts


Solid handshake? Winning smile? Big, bold and bright ideas? If that sounds like you, it’s time to drop everything and start getting excited – because we’re waiting to welcome you to an awesome future. One where you’ll be able to give your entrepreneurial spirit room to grow as you build a rewarding career alongside people as friendly and enthusiastic as you are. So get some screen time with the videos below, and discover how you can Santander.

Success Profile

What makes someone successful at Santander?
Check out the top traits we’re looking for and see if you have the right mix.

  • Enthusiastic
  • Entrepreneurial
  • Outgoing
  • Personable
  • Problem-solver
  • Results-driven

Benefits & Rewards

  • Healthcare

    Medical, Dental, Vision, Pre-tax Health Accounts, Short- and Long-term Disability, EAP, Health Advocate Services

  • Savings Plans

    401(k) Retirement Plan, Up to 5% 401(k) Matching, Additional Investment Options

  • Family Support

    Paid Parental Leave, Adoption Assistance, Dependent Care FSA, Tax-advantaged Transit/Parking, Legal Assistance Plan

  • Insurance

    Life, accidental death, business travel accident, long- and short-term disability insurance coverage

  • Additional Perks

    Tuition and computer purchase reimbursement, plus discounts for cell phone, fitness and auto/home insurance

  • Work/Life Balance

    Paid Time Off (PTO), Holiday Time Off, Volunteer PTO, Travel Discounts

Job Description

Req ID: 2003701


The US Head Business Information Security Officer (BISO) operates within the first line of defense and is accountable for building, managing and driving the execution of a centralized Business Information Security Program across Santander US subsidiaries, working closely with CISO teams and Business executives.

S/He reports directly to the US Chief Information Security Officer (CISO) and is responsible for managing day-to-day activities for Line of Business(es) BISOs, liaising with senior/executive management and/or the board on the overall effectiveness of the Line of Business(es) information security control environment, ensuring effective execution of business line cyber risk assessments, and proactively identifying emerging and material cyber risks that may change the line of business(es) risk profile. The individual has direct oversight of the effectiveness and on-time closure of line of business information security action plans and ensures that, as risk appetite changes, applicable controls and metrics within each business remain adequate and effective.


  • Drive Risk Culture: Establish expectations, ownership and accountability for information security risk management within the Business Line. Provide risk expertise and control function feedback, as applicable, during performance review cycles and incentive plans of employees in the Business Line. Ensure awareness in the Business Line of cyber risk frameworks, policies and standards.

  • Communication & Training: Act as central point of contact for receipt and distribution of information security related information between CISO teams and Business Lines. Maintain two-way communications with CISO teams and SLoD. Facilitate information security training for Business Lines to provide awareness of risk frameworks, policies, programs and processes, including phishing exercises.

  • Adherence to Risk Frameworks, Policies, and Standards: Partner with CISO teams and SLoD to provide input/review of frameworks, policies and standards. Facilitate Business Line awareness of and adherence to risk frameworks, policies, and standards through internal control testing and issue validation. Report and escalate exceptions and facilitate Business Line corrective actions.

  • Continuous Monitoring: Continuously monitor all sources of information security risk existing within the Business Line and externally. Engage in research, peer networking, and experience to anticipate critical cyber risk issues impacting the Business Line. Understand where information security risks exist in the Business Line and continually assess and improve controls to mitigate those risks. Monitor information security Key Risk Indicators and report on negative/adverse trends in the Business Line. Monitor risk profile to maintain tolerance within Risk Appetite.

  • Issue Identification, Management, and Risk Assessment: Support execution of Business Line RCSAs, ensuring cyber risks are incorporated. This includes Process Mapping, Risk & Control Matrices, Inherent Risk Assessments, Internal Control testing and Heracles data/input for cyber risks. Engage and hold Business Line process owners accountable to identify and assess cyber risks. Support Business Lines in cyber risk identification (e.g. NPBA, change management, etc.). Ensure all information security issues (Self-Identified, IA, Credit Risk Review or Regulatory) pertaining to the Business Line are resolved within established timelines. Validate information security issues to ensure Business Line remediation is sufficient to address root cause and prevent recurrence.

  • Internal Control Testing: Implement and maintain information security internal control testing and control effectiveness monitoring in the Business Line. Validate the adequacy of controls and escalate deficiencies as appropriate. Identify root causes of control deficiencies/weaknesses and take appropriate action to ensure Business Lines remediate and prevent recurrence.

  • Exam Management: Liaise with the Business Line for all information security exam related activities, including regulatory, Internal Audit and Credit Risk Review. Review materials and responses, and validate Business Line remediation work (e.g. artifacts, action plans, etc.).



  • Bachelor's Degree required, Master's preferred, in Accounting, Business, Statistics, Risk Management, Information Systems, Information Security, Finance, Economics or equivalent field.

  • 12-15 years of risk management, controls or related experience in financial services, preferably with information security focus.

  • Demonstrated leadership and management experience building new programs and teams.

  • Experience with delivering risk management execution across multiple business lines offering a wide variety of financial services products and services.

  • Deep knowledge of the financial services sector, particularly with the competitive dynamics and products in retail banking and risk management.

  • Developed understanding and demonstrated application of operational risk identification and mitigation practices and procedures.

  • Developed understanding of the regulatory environment and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators.

  • Ability to build credibility with, collaborate with, and influence line of business executives.

  • Able to effectively engage in communication with executive management, board members, regulators and other team members across Santander US.

  • Ability to collaborate with internal and external service providers to establish resource requirements, scheduling, assignments and service levels.

  • Ability to anticipate the impact of regulatory and other environmental factors and proactively take action to ensure the team/function/enterprise is prepared.

  • Ability to develop a mentoring culture with both senior experienced team members and junior staff.

  • Ability to build, present and negotiate a position based on metrics and facts.

  • Ability to build internal and external networks of information resources within the risk management ecosystem.


:Business Control

Primary Location: Massachusetts-BOSTON-75 State Street - 06366 - State Street-Corp


:Technology (5900)



Job Posting: Nov 2, 2020, 2:54:50 PM

