Protect the Company, customers, and employees by identifying and mitigating technology threats to Santander
Support and strengthen Santander’s vulnerability management program through scanning, analysis, prioritization, and remediation tracking
Help identify security risks, configuration gaps, and control weaknesses across infrastructure, applications, and cloud services
Partner with technology and business teams to drive timely remediation and improve security posture
Gain exposure to regulatory expectations and enterprise security operations
Build a strong foundation in cyber risk management, with optional growth into network security disciplines
Create vulnerability scanning schedules and perform scans on a periodic and ad hoc basis to identify vulnerabilities
Conduct vulnerability assessments on IT infrastructure, applications, and related information assets
Support the operation and governance of the vulnerability management lifecycle
Analyze and prioritize vulnerabilities using the Common Vulnerability Scoring System (CVSS), threat intelligence, exploitability, and business context
Identify gaps and risks and drive remediation through closure within established timeframes
Partner with infrastructure, application, cloud, and business teams to validate findings and support remediation planning
Track remediation progress, escalate aging issues, and support risk acceptance processes when needed
Establish, track, and report key vulnerability management metrics (e.g., scan coverage, SLA adherence, critical vulnerability aging)
Participate in change request reviews assessing security risk and recommend solutions
Perform risk assessments and/or control gap analysis against Information Security Policies and Standards
Collaborate with technology teams to advise on secure implementation of solutions across the Santander environment
Provide security input during solution design and change activities, ensuring controls are embedded early in the delivery lifecycle
Translate information security requirements into practical, business-aligned guidance for partner teams
Support automation of repetitive security and audit-related tasks using scripting tools and prompt engineering techniques
Implement book-of-work projects and initiatives within scope, on time, and within budget
Establish and maintain appropriate governance forums and escalation paths
Manage and monitor technology, audit, and regulatory risk through governance, oversight, reporting, and training initiatives
Partner with examiners and auditors on technology examinations, gathering information and responding to findings

Requirements

Bachelor's Degree or equivalent work experience: Computer Science or equivalent field
5+ Years Experience in information security, governance, IT audit, or risk management
5+ Years SAS experience
Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, DORA, SOX, NYS DFS)
Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.)
Working knowledge of security systems or tools such as Qualys, AlgoSec, Microsoft SCCM, Ansible, Red Hat Satellite, ServiceNow (SNOW), CMDB, etc.
Proven ability to work in a team environment.
Possess the ability to perform under pressure in a challenging environment.
A hunger to learn and take on challenging opportunities, contributing to the success of the information security team.
Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
Certifications: CompTIA Security+, CompTIA Network+, CISSP

Benefits

Competitive rewards package
Support for you, your family, and your well-being

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

vulnerability managementvulnerability assessmentsrisk assessmentscyber risk managementconfiguration analysisCommon Vulnerability Scoring System (CVSS)security program managementaudit-related tasks automationinformation security policiescontrol gap analysis

Soft Skills

team collaborationability to perform under pressurepersonal accountabilityprioritizationownershipsense of urgencycommunicationproblem-solvingadaptabilityattention to detail

Certifications

CompTIA Security+CompTIA Network+CISSP