Skip to main content

This site functions best with JavaScript enabled

Search Jobs

Sr IT Controls Assessor

Apply Req ID: Req1132401 Date posted 05/26/2023
Sr IT Controls Assessor

Miami, United States of America


The Sr IT Controls Assessor operates within the First Line of Defense to execute the Enterprise Risk Framework - ensuring compliance with Regulations, Corporate Standards, and Corporate Policy. The Sr. Associate will help champion the Business Control mandate acting as a critical partner guiding stakeholders to embed risk management practices in the 1st line. The Sr. Associate serves as a subject matter expert by advising and guiding enterprise-wide initiatives such as risk assessments, remediation of issues, and controls performance attestation. Evaluations require collaboration with various stakeholders while influencing parties towards strategic goals.  Sr Associate will guide others on team regarding appropriate testing strategies and may manage a small team in these efforts.

Essential Functions:

  • Through the execution of a defined risk and controls self-assessment program analyzes, evaluates, and provides strategic guidance and direction for programs, policies, and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices.
  • Recognized as a subject matter expert by advising and guiding enterprise wide initiative such as risk assessments, , remediation of issues.
  • Drives projects to implement the necessary changes to IT procedures and processes in order to align the Business Unit(s) to the organization's OCC's practice standards.
  • Acts as a liaison with Risk and Compliance teams or Second Line of Defense- to develop and implement new standard requests/revisions, to complete all line of business-related risk assessments, risk mandates, continuity plans, resolution plans and execution.
  • Provides advisory support for regulatory examinations and audits by defining the how and why for all implemented decisions; ensures all requested documentation is provided.
  • Supports Business Unit team members in the resolution of Risk related issues.
  • Develops and implements appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit.
  • Develops, implements, and monitors compliance program and controls for the assigned area. Identifies gaps in controls, proposes solutions, and implements corrective actions.
  • Performs control performance attestations as part of the First Line of Defense across all of IT operations by determining the design and operating effectiveness of controls in accordance with standards and regulatory requirements. 
  • Reports to management on regulatory developments and risks/issues identified within assigned area. Regularly provides reports to Risk and Compliance management on progress.
  • Effectively partners with line of business to solicit information and to mitigate risk.
  • Manages complex process evaluations across single or varied lines of business.


Education -

  • Bachelor's Degree: IT Risk Management, Information Systems, or equivalent field or equivalent work experience
  • Master's Degree IT Risk Management, Information Systems, or equivalent field.

Experience -

  • 5+ years IT Risk Management, Internal Controls, Auditing, relevant line of business experience.
  • 3+ years testing IT technical controls and evaluation of IT technical evidence

Skills & Abilities -

  • Must be able to “hit the ground running”
  • 5+ years of IT Risk Management, Internal Controls, Auditing, Information Security experience.
  • Prior hand-on experience with Cyber-risk assessment / Cyber security assessment / Penetration testing / Network Devices (firewalls/IDS-IPDS) / IT Tools
  • Strong knowledge and understanding of risk and control methodology including frameworks such as the COSO and COBIT frameworks.
  • Experience conducting walkthroughs of medium to complex IT processes.
  • Independently develop and document test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others. Should have extensive experience testing IT controls across multiple IT domains and evaluating both automated and manual controls related to Information Security or IT infrastructure domains.
  • Data analysis skills and ability to independently develop scripts to gather data required for control testing/assessment.  Automate Testing procedure where possible
  • Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level testing. Independently obtain, review, and interpret evidence provided to validate controls are performed effectively and identify vulnerabilities, gaps, or control deficiencies.  Identify risks associated with control failures and supports the identification of mitigating controls.
  • Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations.
  • Ability to accurately document control testing results in sufficient details with minimal to no re-work.
  • Ability to work on multiple concurrent assessments.
  • Ability to work under pressure and meet deadlines.
  • Ability to build credibility with, collaborate with, and influence line of business executives.
  • Excellent analytical and complex problem-solving skills, and communication skills.
  • Ability to build Excel formulas to analyze data
  • Superior project management skills.
  • Ability to constructively work both independently and in collaborative environments involving all levels of management and employees
  • Ability to work with limited oversight from manager.
  • Demonstrated experience executing risk projects across multiple IT business lines offering a wide variety of financial services products and services.
  • Demonstrated thought leadership and application of operational risk identification and mitigation practices and procedures.
  • Advanced understanding of the regulatory environment and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators.
  • Demonstrated judgement in escalation, ensuring risk-based clear line of sight for senior executives into existing and emerging issues/incidents.
  • Ability to build credibility with, collaborate with, and influence line of business executives.
  • Ability to constructively work both independently and in collaborative environments
  • Ability to collaborate with internal and external service providers to establish resource requirements, scheduling, assignments and service levels.
  • Ability to build internal and external networks of information resources within the risk management ecosystem.
  • Ability to work with limited oversight from manager.
  • In depth research and analysis skills for more complex and critical data, interpret and communicate industry trends.

Licenses & Certifications -

  • Preferred Professional Certification such as CRISC, CISA, CISSP

Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions: Frequent Minimal physical effort such as sitting, standing and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.

Employer Rights: Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

Bachelor of Science (BS) English

Primary Location: Miami, FL, Miami

Other Locations: Florida-Miami


Featured Jobs

View All of Our Available Opportunities

Your Jobs

You currently have no jobs saved.

Work in Miami

Check out where you could be working if you apply.

About this location

Get the Scoop

Keep your finger firmly on the pulse. Sign up, and you'll receive news, updates and alerts for the newest Santander roles as they become available.

already signed up? click here