Manager of IT Infrastructure RCSA

Dallas, United States of America

The Manager of IT Infrastructure RCSA within the first line of defense, Business Control & Risk Management team, is accountable leading the Infrastructure Technology Risk and Control Self-Assessment.

The Manager will have a team that works to identify, assess and test various Information Technology (IT) risks and controls through the defined risk program requirements. The Manager will oversee the evaluation of key IT processes, review internal control/quality reports and participate in risk initiatives and lead opportunities for improved efficiency, effectiveness and/or efforts to reduce exposure to top/material technology risks. S/he supports and monitors IT’s adherence with corporate policies and procedures including regulatory/legal obligations.

The Manager provides leadership within the Business Control & Risk Management team(s) and IT and must be able to effectively lead and collaborate with various stakeholders while influencing strategic goals.

This Hybrid role can be located in any of our Santander US offices in Dallas, Boston, NY, or Miami and will be required to come into the office 3x’s a week.

Essential Functions/Responsibility Statements:

• Drive Risk Culture: Establishes expectations, ownership and accountability for risk management within the Business Line (IT). Ensure awareness in the Business Line (IT) of risk frameworks, policies and standards.

• Communication: Act as central point of contact for receipt and distribution of risk related information between SLoD risk teams and Business Line (IT). Maintain two-way communications with SLoD. Facilitate training for Business Line (IT) to provide awareness of risk frameworks, policies, programs, processes, etc.

• People Manager: The manager must manage their team for training, compliance, capacity and personnel issues.

• Adherence to Risk Frameworks, Policies, and Standards: Partner with SLoD to provide input/review of frameworks, policies and standards. Facilitate Business Line (IT) awareness of and adherence to risk frameworks, policies, and standards through internal control testing and issue validation. Report and escalate exceptions and facilitate Business Line (IT) corrective actions.

• Continuous Monitoring: Continuously monitors all sources of risk existing within the Business Line (IT) and externally. Engage in research, peer networking, and experience to anticipate critical risk issues impacting the Business Line (IT). Monitor Key Risk Indicators and report on negative/adverse trends in Business Line (IT). Monitor risk profile to maintain tolerance within Risk Appetite.

• Issue Identification, Management, and Risk Assessment: Conduct IT RCSA responsibilities including Process Mapping, Risk & Control Matrices, Inherent Risk Assessments, and IT Control testing. Engage and hold Business Line (IT) process owners accountable to identify and assess risks. Support Business Line (IT) in risk identification. Ensure all issues pertaining to the Business Line (IT) are resolved within established timelines. Validate issues to ensure Business Line (IT) remediation is sufficient to address root cause and prevent recurrence.

• Internal Control Testing: Implement and maintain internal control testing and control effectiveness monitoring in the Business Line (IT). Validate the adequacy of controls, escalate deficiencies as appropriate. Identify root causes of control deficiencies/weaknesses and take appropriate action to ensure Business Line (IT)s remediate and prevent recurrence.

• Exam Management: Liaison with the Business Line (IT) for all exam related activities including regulatory, Internal Audit, etc. Review materials, responses and validate Business Line (IT) remediation work (e.g., artifacts, action plans, etc.) Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education:

• Bachelor's Degree or equivalent work experience in Information Technology, Business, Risk Management, or equivalent field.

• Master's Degree in Information Technology, Business, Risk Management, or equivalent field. (Pref) Licenses & Certifications

• Preferred Professional Certification such as CRISC, CISA, CISSP Work

Experience:

• 10+ years within IT Audit or IT RCSA programs

• Previous management experience managing small teams Skills and Abilities:

• Proven ability to provides strategic guidance and direction for programs, policies, and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices.

• Experience Independently developing and documenting test procedures and/or documenting recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others.

• Should have extensive experience testing IT controls across multiple IT domains and evaluating both automated and manual controls related to Information Security or IT infrastructure domains.

• Experience with Automated Test cases

• Experience in both a cloud and legacy hardware environment

• Ability to work on multiple concurrent assessments.

• Ability to work under pressure and meet deadlines.

• Strong risk assessment, negotiation and problem resolution skills.

• Strong collaboration and relationship management skills.

• Self-starter, able to establish relationships and transcend multiple cross-functional/divisional boundaries, largely unaided.

• Proven ability to apply strategic thinking to multiple, complex organizational and business issues, and has ability to translate into practical plans for project execution.

• Project management skills.

• Knowledge and working understanding of additional auditing standards, theories, concepts, and terms (including Sarbanes-Oxley, COBIT and the COSO Integrated Control Framework)

• High sense of urgency with ability to drive results.

• High proficiency in PowerPoint, Word and Excel.

• Excellent verbal and written communication/presentation skills.

Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions: Frequent Minimal physical effort such as sitting, standing and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.

Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason

Bachelor of Science (BS) English

Primary Location: Dallas, TX, Dallas

Other Locations: Texas-Dallas,Florida-Coconut Grove,Massachusetts-Boston

AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO