Director, Cyber and Digital Risk Management
Santander - Miami, FL
Job Description
Overview
Director, Cyber and Digital Risk Management
Country: United States of America

Your Journey Starts Here:
Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. We are committed to creating an environment where continuous learning and development are prioritized, enabling you to thrive both professionally and personally. Here, you will find ample opportunities to connect and collaborate with talented colleagues from around the world, sharing insights and driving innovation together. Join us at Santander, where you are supported by a culture of engagement and a commitment to your success. An exciting journey awaits. If you are interested in exploring the possibilities, We Want to Talk to You!

The Difference You Make
The Director, Cyber and Digital Risk Management monitors activities to minimize the company's exposure to information security risks. Activities include second line of defense independent assurance over technical cyber risk analysis, risk identification and remediation. The incumbent supports the preservation of digital trust and ensures oversight is adequate to minimize compliance and regulatory risk by resolving issues and ensuring adherence to industry good practice frameworks, company and legal standards.
The Director is responsible for ensuring that the company's activities adhere to the necessary rules and regulations and that the company complies with legal/regulatory statutes and jurisdictions as they relate to the management of cyber and digital risks.

The Director, Cyber and Digital Risk Management at Santander US and Santander Bank NA is responsible for independent risk management and assurance over the assigned business area’s technology footprint covering Information Security, Cyber Resilience, Cyber Fraud and Data Security (including Retention and Disposal) as part of the second line of defense Technology Risk Management organization.

The incumbent develops and maintains an effective Information Security Risk oversight program that enables the assigned business area to identify, assess, mitigate, manage, monitor and report technology risk, including performing technical risk reviews of identified domains.

This role is established in the second line of defense and requires collaboration across CISO, Data Office, IT, Operational Risk, Internal Audit and other relevant functional stakeholders. A strong understanding of the evolving regulatory landscape in the US and EU is vital for success.

The day-to-day focus may vary and may include planned or ad-hoc technical risk review and challenge, review of technology or business initiatives, ongoing risk monitoring activities, risk reporting, and development of technical risk framework and methodologies.

The team supporting the oversight of cybersecurity risks will comprise individuals aligned against the core coverage areas noted above.
This is an individual contributor role but requires people and stakeholder management skills to operate effectively in a second line of defense role in a matrix organization.

Key Responsibilities
- Establish yourself as the second line of defense subject matter expert for key stakeholders in the management of cybersecurity and technology risks across all operating entities
- Prepare information to enable governance committees / working groups in the management oversight of cybersecurity and technology risks
- Participate in relevant governance committees and working groups as a delegate of the Head of Technology, including the Operational Risk Committee, Technology Executive Working Group, Information Security & Data Management Committee, Architectural Review Board, AI Enablement Working Group
- Initiate timely escalations to the Sr. Director, Cyber & Digital Risk and to the leadership team
- Identify and assess cybersecurity risks and counsel business unit managers, CISO and IT GRC stakeholders on risk management issues
- Oversee ongoing oversight of the firm’s information risk footprint through ongoing monitoring, formal review and challenge activities, targeted risk reviews, technology policy and standard assurance
- Contribute to updating existing policies and frameworks or develop new ones to steer safe adoption of technologies
- Participate in independent risk oversight of key technology components of the firm’s digital transformation initiatives
- Implement and sustain independent risk oversight coverage of the cloud operating platform and vendor software development activities
- Work across lines of defense to recommend risk treatment strategies within the risk appetite
- Monitor external trends and evaluate potential impacts to business strategy; provide analytical insights of the risk horizon with a sound control environment
- Participate in evaluating new products / changes / projects and assess information risks and impact to cybersecurity and technology risk profile
- Participate in evaluation and management of cybersecurity risks related to third-party suppliers
- Advise on remediation of regulatory findings and monitor resolution
- Manage targeted risk reviews to evaluate information risks and their mitigation
- Review and challenge first line of defense risk management processes and communicate risk opinions to management
- Analyze risk data from various sources to identify risk levels, concentration, trends and patterns
- Participate in crisis management exercises with a cyber component
- Support engagement across the Lines of Defense regarding risk appetite, metrics, or issue severity differences
- Own delivery timelines and develop materials to ensure independent opinion is represented in committees, external exams and internal audits
- Ensure activities meet timeliness, quality and accuracy service levels
- Collaborate with other second line of defense functions on priorities and strategic initiatives
- Provide second line of defense leadership during major technology or cyber incidents and coordinate response

What You Bring
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education
- Bachelor's Degree in a technical discipline or equivalent work experience: Computer Science, Information Technology, Information Systems, Information Security
- Master's Degree in related technical disciplines (preferred)
- Professional Certifications in Cybersecurity (required)
- Professional Certifications in Cloud Security (AWS, Azure) (preferred)

Work Experience
- Practitioner and management experience in one or more areas of Cybersecurity Risks
- Overall professional experience of 5+ years in cybersecurity risk management roles in a matrix organization
- Experience in cybersecurity risk consulting in the financial services sector or in a second line of defense role is highly preferred
- Experience in a highly regulated environment such as financial services and knowledge of current regulatory landscape is necessary
- Experience leading high performance teams

Skills and Abilities
- Strong understanding of technology infrastructure, information security, and enterprise resilience
- Experience with developing and implementing technology & cyber risk oversight programs
- Demonstrated leadership and ability to coordinate oversight activities across teams
- Knowledge of regulatory requirements and industry best practices in technology and cybersecurity risk management
- Strong leadership experience

Technical skills
- Resilient Security Architecture
- Identity and Access Management
- Network / Firewall Management
- Vulnerability and Patch Management
- Cloud Security Architecture
- Secure Application Development / Containerization
- Encryption / Tokenization
- Data Loss Prevention
- Security Logging and Monitoring
- Incident Detection and Response Management
- Offensive Security

Competencies
- Demonstrated expertise in technology risk management and ability to perform at an advanced level
- Advanced knowledge of cyber risk management best practices
- Ability to engage with senior management and operational teams
- Risk anticipation with attention to detail and critical thinking
- Execution and solution-focused mindset
- Ability to direct, train and guide peers and management
- Team player with ability to coordinate and drive consensus
- Ability to build relationships, influence stakeholders across lines of defense
- Adaptability to new developments
- Effective communication with multiple organizational levels
- Collaboration with multidisciplinary teams
- Ability to multi-task and manage competing priorities
- Maintain confidentiality and convey urgency to drive issues to closure
- Ability to interact with executive management and vendors
- Sound judgement and critical thinking
- Excellent written and oral communication; strong analytical, organizational and project management skills
- Strong leadership and supervisory engagement skills
- Strong risk, process, and control validation/assessment skills

Certifications
- Professional Certifications in Cybersecurity (required)
- Professional Certifications in Cloud Security (AWS, Azure) (preferred)

It Would Be Nice For You To Have
- Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.

What Else You Need To Know
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions, the annual range is based on a standard 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range
Minimum: Maximum:

Other Provisions
EEO Statement: Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions: Frequent minimal physical effort such as sitting, standing, and walking is required.
Depending on location, occasional moving and lifting light equipment may be required.

Employer Rights: This job description does not list all duties. The employer may revise this description at any time. This job description is not a contract for employment.
Created: 2025-09-23