Associate, Information Security

About The Position

Requirements

• Bachelor's Degree or equivalent work experience: Computer Science or equivalent field. - Required.
• 5+ Years Experience in information security, governance, IT audit, or risk management. - Required.
• 5+ Years SAS experience. - Required.
• Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, DORA, SOX, NYS DFS).
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
• Working knowledge of security systems or tools such as Qualys, AlgoSec, Microsoft SCCM, Ansible, Red Hat Satellite, ServiceNow (SNOW), CMDB, etc.
• Proven ability to work in a team environment.
• Possess the ability to perform under pressure in a challenging environment.
• A hunger to learn and take on challenging opportunities, contributing to the success of the information security team.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
• Certifications: CompTIA Security+, CompTIA Network+, CISSP

Nice To Haves

• Experience in the following areas is considered a plus:
• Support oversight of Network Security controls, including firewalls, proxy, Intrusion Prevention Systems (IPS), VPN, Web Application Firewall (WAF), and Network Access Control (NAC), across on-premises and cloud environments
• Conduct periodic reviews of firewall, proxy, and VPN configurations in accordance with Santander US standards and processes
• Review firewall configurations to ensure inbound and outbound traffic is limited to what is necessary for business purposes, and that all other traffic is explicitly denied and logged
• Familiarity with network segmentation, access control principles, and secure rule lifecycle management

Responsibilities

• Create vulnerability scanning schedules and perform scans on a periodic and ad hoc basis to identify vulnerabilities
• Conduct vulnerability assessments on IT infrastructure, applications, and related information assets
• Support the operation and governance of the vulnerability management lifecycle
• Analyze and prioritize vulnerabilities using the Common Vulnerability Scoring System (CVSS), threat intelligence, exploitability, and business context
• Identify gaps and risks and drive remediation through closure within established timeframes
• Partner with infrastructure, application, cloud, and business teams to validate findings and support remediation planning
• Track remediation progress, escalate aging issues, and support risk acceptance processes when needed
• Establish, track, and report key vulnerability management metrics (e.g., scan coverage, SLA adherence, critical vulnerability aging)
• Participate in change request reviews assessing security risk and recommend solutions
• Perform risk assessments and/or control gap analysis against Information Security Policies and Standards
• Collaborate with technology teams to advise on secure implementation of solutions across the Santander environment
• Provide security input during solution design and change activities, ensuring controls are embedded early in the delivery lifecycle
• Translate information security requirements into practical, business-aligned guidance for partner teams
• Support automation of repetitive security and audit-related tasks using scripting tools and prompt engineering techniques
• Implement book-of-work projects and initiatives within scope, on time, and within budget
• Establish and maintain appropriate governance forums and escalation paths
• Manage and monitor technology, audit, and regulatory risk through governance, oversight, reporting, and training initiatives
• Partner with examiners and auditors on technology examinations, gathering information and responding to findings