Technology/Cyber RCSA Lead, Sr Associate

About The Position

Requirements

• Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field.
• Overall professional experience of 5-10 years or more in in Technology Risk Management, Cybersecurity Risk, IT Audit, or Operational Risk within financial services.
• Demonstrated hands-on experience in testing and validating technology and cyber controls within the RCSA framework.
• Exposure to coordinating risk/control assessment activities and project management practices (PMO experience a plus).
• Experience within a highly regulated environment such as the financial services industry
• Experience performing process assurance activities
• Strong knowledge of IT and cybersecurity risks, including IT general controls, identity and access management, network security, cloud, and application security.
• Familiarity with industry frameworks and standards such as NIST, ISO 27001, COBIT, ITIL, CIS Controls.
• Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, PRA, EBA, DORA).
• Structured, detail-oriented, and analytical, with the ability to balance execution and coordination.
• Strong communication and stakeholder engagement skills, capable of interfacing with both technical and non-technical teams.
• Proactive and organized, able to manage competing priorities in a fast-paced environment.
• Strong risk, process, and control validation and/or assessment skills.
• Advanced knowledge of technical risk management best practices and how to implement them.
• A team player who can coordinate and drive consensus among different teams and stakeholders having varying view points
• Ability to convey a sense of urgency and drive issues/projects to closure.

Nice To Haves

• Master's Degree in related disciplines.
• Professional certifications are strongly desirable: CISA, CRISC, CISSP, CISM, CCAK, or PMP.
• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.

Responsibilities

• Technology & Cyber RCSA Validation : Execute and coordinate independent validation of technology and cybersecurity RCSAs, including IT general controls, infrastructure, application, and cyber-specific controls.
• Review and challenge control design, test results, and effectiveness assessments
• Provide guidance and oversight to the team performing validations, ensuring technical accuracy and adherence to methodology.
• Stakeholder Coordination & Engagement: Partner with technology teams, cyber risk/control owners, and first-line functions to coordinate RCSA second line validation activities.
• Ensure validation findings and control gaps are documented, communicated, and addressed in a timely manner.
• Support engagement with senior technology and risk stakeholders to escalate material findings.
• Structured Delivery & PMO Support: Apply structured project management skills to plan, monitor, and track validation activities.
• Develop and maintain validation schedules, manage dependencies, and ensure deliverables are completed on time.
• Contribute to playbooks, templates, and methodologies specific to technology and cyber RCSA Second line validation.
• Governance & Reporting: Support the preparation of reporting, dashboards, and metrics on validation activities.
• Ensure validation documentation is complete, accurate, and audit-ready.
• Provide insights and updates to risk committees, governance forums, and management.

Benefits

• Santander Benefits - 2025 Santander OnGoing/NH eGuide (foleon.com)