Risk Management Analyst
Sr Analyst, IT Controls and Risk Management Req ID: oaCVcfwD Date posted 06/23/2020
The Sr Analyst, Business Control & Risk Management provides centralized support through internal process review, quality audits, and testing to ensure operational risks are appropriately identified and controls are working as designed. As a first line of defense, s/he tests business processes and controls, identifies gaps within processes, tracks error trends and documents results in the appropriate operational system. The Specialist, Business Control identifies, responds to and/or escalates risks as appropriate.
- Annually executes the Risk and Control Self-Assessment (RCSA) program in accordance with enterprise methodology.
- Acts as a liaison with Risk and Compliance, or the second line of defense, to develop and implement new policy requests/revisions and to complete all line-of-business-related risk assessments, risk mandates, continuity plans, resolution plans and execution.
- Analyzes, evaluates and provides strategic guidance and direction for programs, policies and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices.
- Develops and implements appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit.
- Develops, implements and monitors the compliance program and controls for the assigned area. Identifies gaps in controls, proposes solutions, and implements corrective actions.
- Documents, evaluates and, where appropriate, improves policies, practices and procedures.
- Assists with developing, managing and enforcing standard processes, tools, protocols, audit requests with internal and external stakeholders to meet project objectives.
- Acquires and applies a developing understanding of risk and control issues within the business.
- Looks for process improvements and efficiencies and makes recommendations to improve policy and procedures.
- Reports to management on regulatory developments and risks/issues identified within assigned technology area. Regularly provides reports/updates to management team on progress.
Education & Certification -
- Bachelor's Degree or equivalent work experience
- CISA/CISSP/CRISC/Security+, Network+, or CCNA Certification (at least one certification desired)
Experience and Technical Skill -
- 2-3 years Risk Management or equivalent experience
- Data Analytics
Skills & Abilities -
- Prior experience with Risk and Control Self-Assessment (RCSA) / Cyber-risk assessment / Cyber security assessment / SOX testing is required.
- Develop and document test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others.
- Knowledge and understanding of basic concepts of technology areas across municipal technology platforms including Windows, Linux, Network and IT Operations, and Virtualization to assess and test technology/info sec controls. (Must be knowledgeable in at least a few of these areas.)
- Data analysis skills and ability to develop scripts to gather data required for control testing/assessment. Automate testing procedures where possible.
- Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level testing. Obtain, review, and interpret evidence provided to validate controls are performed effectively and identify vulnerabilities, gaps, or control deficiencies. Identify risks associated with control failures and support the identification of mitigating controls.
- Ability to accurately document control testing results in sufficient detail.
- Big 4 experience is desired.
- Excellent presentation, interpersonal, written and verbal communication skills.
- Foundational understanding of regulations including internal controls, Sarbanes-Oxley (SOX), SOC, PCI, GLBA, and NYDFS compliance.
- Knowledgeable in applicable frameworks including NIST Cybersecurity Framework, COBIT, COSO, ITIL, etc.
- Strong process facilitation, project management, and analytical skills.
- Understanding of the products/services, systems, and associated risks/controls.
- Knowledge of Risk/Compliance/Audit competencies.
- Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations.
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Employees desiring consideration should complete an online application, utilizing the appropriate process as prescribed by the posting entity. Employees should provide all pertinent information to support their candidacy.
To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:
- Completion of at least one year of active service in Santander
- Completion of at least twelve months in current position
- Be in "Good Standing"