Associate, Information Security

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology-driven organization. Our people are at the heart of this journey and together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.  This is more than a strategic shift.  It’s a chance for driven professionals to grow, learn, and make a real difference.

If you are interested in exploring the possibilities We Want to Talk to You!

The Difference You Make:

Santander is seeking an Associate, Information Security professional to join the Information Security team within the First Line of Defense. This role is primarily focused on Vulnerability Management, with exposure to Network Security as a secondary or “nice to have” capability. The ideal candidate is a cybersecurity professional who can support, monitor, and help maintain information security controls across on-premises and cloud environments.

As an Associate, you will:

• Protect the Company, customers, and employees by identifying and mitigating technology threats to Santander
• Support and strengthen Santander’s vulnerability management program through scanning, analysis, prioritization, and remediation tracking
• Help identify security risks, configuration gaps, and control weaknesses across infrastructure, applications, and cloud services
• Partner with technology and business teams to drive timely remediation and improve security posture
• Gain exposure to regulatory expectations and enterprise security operations
• Build a strong foundation in cyber risk management, with optional growth into network security disciplines.

What You Bring:

The role will report directly to the Director of Information Security and functionally to the Santander US Tower Head of Infrastructure Security Services. The Associate Information Security professional will work closely with multiple technology, application, and business teams across the Santander ecosystem to help advise on secure design and implementation of solutions.

Under the guidance of senior security leaders, this role supports the integration of security controls into new and existing systems while ensuring alignment with Santander’s information security policies, standards, and regulatory expectations. The role also supports process improvement and automation initiatives, including the use of scripting and prompt engineering techniques to help streamline repetitive audit, risk, and security-related tasks within the Information Security function.

Primary Focus: Vulnerability Management

• Create vulnerability scanning schedules and perform scans on a periodic and ad hoc basis to identify vulnerabilities
• Conduct vulnerability assessments on IT infrastructure, applications, and related information assets
• Support the operation and governance of the vulnerability management lifecycle
• Analyze and prioritize vulnerabilities using the Common Vulnerability Scoring System (CVSS), threat intelligence, exploitability, and business context
• Identify gaps and risks and drive remediation through closure within established timeframes
• Partner with infrastructure, application, cloud, and business teams to validate findings and support remediation planning
• Track remediation progress, escalate aging issues, and support risk acceptance processes when needed
• Establish, track, and report key vulnerability management metrics (e.g., scan coverage, SLA adherence, critical vulnerability aging)
• Participate in change request reviews assessing security risk and recommend solutions
• Perform risk assessments and/or control gap analysis against Information Security Policies and Standards

Broader Information Security Responsibilities:

• Collaborate with technology teams to advise on secure implementation of solutions across the Santander environment
• Provide security input during solution design and change activities, ensuring controls are embedded early in the delivery lifecycle
• Translate information security requirements into practical, business-aligned guidance for partner teams
• Support automation of repetitive security and audit-related tasks using scripting tools and prompt engineering techniques
• Implement book-of-work projects and initiatives within scope, on time, and within budget
• Establish and maintain appropriate governance forums and escalation paths
• Manage and monitor technology, audit, and regulatory risk through governance, oversight, reporting, and training initiatives
• Partner with examiners and auditors on technology examinations, gathering information and responding to findings
• Bachelor's Degree or equivalent work experience: Computer Science or equivalent field. - Required.
• 5+ Years Experience in information security, governance, IT audit, or risk management. - Required.
• 5+ Years SAS experience. - Required.
• Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, DORA, SOX, NYS DFS).
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
• Working knowledge of security systems or tools such as Qualys, AlgoSec, Microsoft SCCM, Ansible, Red Hat Satellite, ServiceNow (SNOW), CMDB, etc.
• Proven ability to work in a team environment.
• Possess the ability to perform under pressure in a challenging environment.
• A hunger to learn and take on challenging opportunities, contributing to the success of the information security team.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.

Certifications:

• CompTIA Security+, CompTIA Network+, CISSP

It Would Be Nice For You To Have:

Experience in the following areas is considered a plus:

• Support oversight of Network Security controls, including firewalls, proxy, Intrusion Prevention Systems (IPS), VPN, Web Application Firewall (WAF), and Network Access Control (NAC), across on-premises and cloud environments
• Conduct periodic reviews of firewall, proxy, and VPN configurations in accordance with Santander US standards and processes
• Review firewall configurations to ensure inbound and outbound traffic is limited to what is necessary for business purposes, and that all other traffic is explicitly denied and logged
• Familiarity with network segmentation, access control principles, and secure rule lifecycle management

What Else You Need To Know:

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range:

Minimum:

We Value Your Impact:

Your contribution matters and it’s recognized.  You can expect a fair and competitive rewards package that reflects the impact you create and the value you deliver. We know rewards go beyond numbers.  Offering more than just a paycheck our benefits are designed to support you, your family and your well-being, now and into the future. Santander Benefits - 2026 Santander OnGoing/NH eGuide (foleon.com) 

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions:

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next:

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.