Sr. Associate, Technology Infrastructure Business Control & Risk Management

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology-driven organization. Our people are at the heart of this journey and together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.  This is more than a strategic shift.  It’s a chance for driven professionals to grow, learn, and make a real difference.

If you are interested in exploring the possibilities We Want to Talk to You!

The Difference You Make:

The Sr. Associate, Technology Infrastructure Functional Control Officer operates within the First Line of Defense and is accountable for supporting the Technology Infrastructure organization in executing against the Enterprise Risk Management Framework while ensuring effective risk identification, assessment, mitigation, monitoring, and control execution across critical infrastructure services. The incumbent serves as a trusted risk advisor and control partner to Infrastructure Engineering, Operations, and Service Management teams. This role is responsible for strengthening the risk and control environment across infrastructure domains including:

• Job Scheduling & Workload Automation
• IT Incident Management
• IT Problem Management
• IT Asset Management
• Capacity & Performance Management
• Disaster Recovery & Operational Resilience
• Change & Release Management
• Patch & Vulnerability Management
• Enterprise Backup & Recovery
• Configuration Management (CMDB)
• Physical & Environmental Security
• Network Engineering & Operations
• Data Center Operations
• Infrastructure Monitoring & Event Management
• Technology Service Continuity

The Sr. Associate will lead risk assessments, control evaluations, issue remediation oversight, key risk indicator development, and operational resilience initiatives while ensuring adherence to regulatory requirements, industry frameworks, and enterprise standards. The role serves as a subject matter expert in technology operational risk, infrastructure controls, and resiliency practices and works closely with Technology, Cybersecurity, Enterprise Risk Management, Internal Audit, Regulatory Affairs, and Second Line Risk functions.

What You Bring:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education:

• Bachelor’s Degree: in related field or equivalent demonstrated through a combination of work experience, training, military service, or education - Required
• Master's Degree: in related field or equivalent demonstrated through a combination of work experience, training, military service, or education - Preferred

Qualifications:

• 9+ Years Risk Management, Internal Controls, Auditing, Credit Management, relevant line of business experience and/or legal or regulatory experience. - Required.
• 8-10+ years of experience in Technology Risk Management, IT Audit, Infrastructure Operations, Cybersecurity Governance, Operational Risk Management, or Infrastructure Engineering.
• Promote risk awareness and accountability throughout Infrastructure Operations and Engineering teams.
• Ensure awareness and adherence to Enterprise Risk Management, Operational Risk, Technology Risk, Cybersecurity, and Resiliency frameworks.
• Partner with Second Line Risk and Technology Risk Management teams to ensure alignment with enterprise standards.
• Support governance forums, risk committees, and infrastructure risk reporting routines.
• Lead and facilitate Risk and Control Self-Assessments (RCSA) for infrastructure functions.
• Perform process mapping and maintain Risk & Control Matrices (RCMs) for infrastructure processes.
• Assess inherent and residual risks across infrastructure services.
• Evaluate emerging risks related to cloud adoption, automation, resiliency, cyber threats, and third-party service dependencies.
• Assess design and operating effectiveness of controls supporting:
  • Change & Release Management
  • Incident & Problem Management
  • Job Scheduling
  • Patch Management
  • Enterprise Backup & Recovery
  • Disaster Recovery
  • Capacity Management
  • Configuration Management
  • Asset Management
  • Physical Security
  • Network Operations
  • Validate control performance through testing, evidence review, walkthroughs, and monitoring activities.
  • Identify control gaps and facilitate remediation plans.
  • Develop and monitor Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and Key Control Indicators (KCIs).
• Analyze operational trends related to:
  • Infrastructure availability
  • Incident volumes
  • Problem recurrence
  • Backup success rates
  • Patch compliance
  • Capacity utilization
  • Change success rates
  • Disaster recovery testing
  • Network performance
  • Identify emerging risks and escalate material concerns.
• Issue Management & Remediation
  • Support issue identification, root cause analysis, corrective action planning, and remediation validation.
  • Ensure timely closure of audit, regulatory, and self-identified findings.
  • Challenge action plans to ensure sustainable risk reduction.
• Operational Resilience & Disaster Recovery
  • Support enterprise operational resilience programs.
  • Evaluate disaster recovery capabilities and testing results.
  • Assess recovery objectives (RTO/RPO), resilience strategies, and critical service dependencies.
  • Monitor compliance with business continuity and technology recovery standards.
• Serve as Infrastructure Risk liaison for:
  • Validate management responses and corrective actions.
  • Coordinate evidence gathering and remediation activities
  • Cybersecurity Assessments
  • Technology Risk Reviews
  • External Audits
  • Regulatory Examinations
  • Internal Audit
• Managed and execute risk activities associated with the following Technology Risk Programs:
  • Risk & Control Self-Assessments (RCSA)
  • Technology Risk Assessments
  • Issues Management
  • Operational Resilience
  • Scenario Analysis
  • Material Risk Program
  • Event Management
  • Loss Event Reporting
  • Control Testing
  • Third-Party Technology Risk
  • Technology Change Risk Reviews
• Experience conducting RCSAs, control testing, issue management, and remediation validation.
• Strong understanding with the following:
  • ITIL processes
  • Infrastructure Operations
  • Network Engineering
  • Enterprise Backup & Recovery
  • Configuration Management
  • Capacity & Performance Management
  • Asset Management
  • Incident & Problem Management
  • Patch & Vulnerability Management

Certifications:

• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• CGEIT (Certified in the Governance of Enterprise IT)
• CISSP (Certified Information Systems Security Professional)

It Would Be Nice For You To Have:

• ITIL 4 Managing Professional or ITIL 4 Strategic Leader
• Certified Information Security Manager (CISM)
• Certified Business Continuity Professional (CBCP)
• Certified Disaster Recovery Engineer (CDRE)
• Certified in Cybersecurity (CC)
• AWS Security Specialty
• Microsoft Azure Security Engineer Associate
• COBIT Foundation or COBIT Design & Implementation
• PMP (Project Management Professional)

Work Authorization & Sponsorship:
Applicants must be legally authorized to work in the United States on a full-time basis without requiring employer sponsorship to commence employment.

What Else You Need To Know:

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range:

Minimum:

We Value Your Impact:

Your contribution matters and it’s recognized.  You can expect a fair and competitive rewards package that reflects the impact you create and the value you deliver. We know rewards go beyond numbers.  Offering more than just a paycheck our benefits are designed to support you, your family and your well-being, now and into the future.Santander Benefits - 2026 Santander OnGoing/NH eGuide (foleon.com) 

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions:

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next:

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.