Sr. Associate, Information Security

About The Position

Requirements

• Bachelor's or undergraduate degree in Information Systems or Information Technology or equivalent work experience in Information Technology, Information Systems, or equivalent field.
• Preferably 9+ years' experience in information security, information technology, governance, IT audit, patch management, vulnerability management, penetration testing, risk management or similar areas.
• Experience with risk assessments and compliance with major regulatory initiatives (e.g., SOX, NYDFS).
• Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
• Working knowledge of security systems or tools such as Qualys, Microsoft SCCM, Ansible, Red hat satellite, Service Now (SNOW), CMDB.
• Possess the ability to perform under pressure in a challenging environment.
• A hunger to learn and take on challenging opportunities contributing to the success of information security team.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
• Proven ability to work in team environment.
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.

Responsibilities

• Protects the Company, customers, and employees by mitigating and identifying technology threats to Santander.
• Create vulnerability scanning schedule and perform scans on a periodic and on an ad Hoc basis to identify vulnerabilities.
• Conducts vulnerability assessment on the target IT Infrastructure, applications, and related information assets.
• Build a monthly scan plan for the vulnerability scanning team to ensure that vulnerability scans are performed on all assets noted in Configuration Management Database (CMDB).
• Identify vulnerabilities to be analyzed and prioritized based on the Common Vulnerability Scoring System (CVSS).
• Identify and monitor threats and vulnerabilities using threat intelligence.
• Designs, builds, maintains, and supports the company's information security program.
• Deploys solutions and secure information assets.
• Provides expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business system delivery in a manner that adheres to information security policy.
• Identifies and incorporates security capability requirements into security strategy.
• Establishes, tracks, and reports on key metrics.
• Participates in change request reviews to assess security risk and recommend solutions.
• Manages and monitors technology, audit and regulatory risk through governance, oversight, reporting and training initiatives / programs including management of audit and regulatory findings, regulatory reviews, process and strategic risk & control self-assessment, and key risk indicator program.
• Work closely with the Local and Global Information Technology and Information Security teams and Business Owners to address any open vulnerabilities, regulatory requirements, or concerns to mature the information security program.
• Perform risk assessments and/or control gap analysis against Information Security Policies and Standards.
• Performs technical security assessments (e.g., Windows, UNIX, firewalls, routers, oracle, SQL server, etc.).
• Provides direction and act as an escalation point on projects and issues to other team members.

Benefits

• 401k
• health_insurance
• dental_insurance
• vision_insurance
• paid_holidays
• paid_volunteer_time
• tuition_reimbursement
• employee_stock_purchase_plan