Head of Enterprise RCSA Testing

About The Position

Requirements

• Bachelor's Degree or equivalent work experience: Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field. - Required.
• 12+ Years Risk Management. - Required.
• 12+ Years Previous management experience. - Required.
• Extensive experience in control testing, Internal Audit, RCSA, SOX, operational risk, or technology risk within a regulated financial institution.
• Strong understanding of control design, evidence evaluation, sampling, and testing documentation standards.
• Demonstrated expertise in both Technology and Non-Technology control environments.
• Proven ability to communicate effectively with senior leaders and influence across all levels of the organization.
• Experience managing teams and driving execution in a fast-paced, highly regulated environment.
• Strong analytical and critical thinking skills.
• Excellent written and verbal communication.
• Ability to lead through influence and build strong partnerships.
• High attention to detail and commitment to quality.
• Strong planning, prioritization, and execution skills.
• Ability to manage complexity and navigate competing priorities.
• Deep understanding of modern technology environments.
• Cloud technologies (AWS, Azure, GCP) and shared responsibility models
• AI/ML risk management, including model governance, data lineage, bias detection, and monitoring.
• Cybersecurity principles: access controls, vulnerability management, secure SDLC, threat monitoring.
• Infrastructure and network controls: segmentation, disaster recovery, change management.
• Data governance and data quality controls, including privacy, retention, and classification.
• Third-party and SaaS technology risk, including SOC report evaluation and control testing.
• Use of automation, GRC platforms, and analytics tools to enhance testing quality and efficiency.
• Familiarity with major control and technology frameworks, including: NIST Cybersecurity Framework (CSF), NIST 800-53 and 800-17, ISO 27001/27002, CIS Critical Security Controls, SOC 1/SOC 2 Trust Services Criteria, COBIT Framework, FFIEC IT Handbook and guidance.

Nice To Haves

• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
• Experience in Microsoft Office products.
• Risk Certification - Preferred.

Responsibilities

• Lead the design, development, and execution of the enterprise-wide RCSA control testing program, including testing methodology, sampling approaches, test scripts, documentation standards, and quality assurance.
• Oversee execution of control design assessments, operating effectiveness testing, and remediation validation across Technology, Operations, Corporate Functions, and Line of Business activities.
• Identify control deficiencies, assess risk impacts, and present clear, evidence-based findings to business and technology leaders.
• Produce high-quality reporting and insights for senior management, governance committees, and risk partners, highlighting emerging themes and control environment trends.
• Partner closely with Second Line of Defense teams and Internal Audit to ensure alignment on testing expectations, issue identification, and remediation standards.
• Ensure testing practices meet or exceed regulatory requirements and internal policy standards.
• Build, lead, and develop a high-performing testing organization, fostering a culture of accountability, technical excellence, and continuous improvement.

Benefits

• Santander Benefits - 2025 Santander OnGoing/NH eGuide (foleon.com)