Sr. Director, Technology Risk

Dallas, United States of America

Position Summary

The Sr. Director, Technology Risk is accountable for all independent risk management activities over the assigned business area’s technology footprint covering core technology infrastructure, information security, and enterprise resilience as part of the second line of defense Risk organization. The incumbent develops and maintains an effective Information Risk Management program that enables the assigned business area to comprehensively identify, assess, mitigate, manage, monitor and report technology risk. The Information Risk Management (IRM) program, the key program elements of which cover: internal loss, external loss, risk assessment, business impact assessments, KRIs, scenario analysis / stress testing, training, awareness, and communication, issues and remediation planning, tracking, MIS and reporting, testing, compliance, and monitoring.

The team will comprise of individuals positioned as a center of excellence aligned against the core coverage areas noted above. Direct reports include leads assigned to core coverage areas: Technology Infrastructure, Information Security, and Risk Resilience.

Job Description

Ensures adherence to the policies and procedures established by the company. Manages policy, standard definition and monitoring of policy, standard implementation, ensuring harmonization and consistency of risk policies. Monitors and manages risk/exposure and compliance with the company's policies. Identifies, manages and reports on the company's risk areas. Evaluates the adequacy and effectiveness of data, document retention, and monitors systems.

This position is hybrid and will be in-office at least 3 days per week.

Key Responsibilities:

• Oversee ongoing oversight of the firm’s technology risk footprint through ongoing monitoring, formal review and challenge activities, targeted risk reviews, technology policy and standard assurance, and other activities e.g., transformation review and challenge.

• Lead independent risk oversight of key technology components of the firm’s digital transformation initiatives. Additionally, coordinate oversight of key emerging technology risks e.g., AI-risk.

• Implement and sustain independent risk oversight coverage of the new cloud operating platform and vendor software development activities leveraging the ORM Oversight methodology.

• Establish close partnerships with the front-line Technology GRC organization and third line Technology Audit coordinating risk engagement and insights across all lines of defense.

• Serve as key member of numerous technology governance forums including the Operational Risk Committee, Technology Executive Working Group, Information Security & Data Management Committee, Architectural Review Board, AI Evaluation Forum.

• Maintain extensive regulatory interface with the FRBB w/ regular (monthly) operating rhythms to apprise on key issues and initiatives.

• Independent assessment and challenge of the first line’s risk management and adherence to policy and standard requirements.

Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education:

• Bachelor's Degree or equivalent work experience

Work Experience:

• 12 years; Risk Management/Risk MIS

Skills and Abilities:

• Strong understanding of technology infrastructure, information security, and enterprise resilience

• Experience with developing and implementing Information Risk Management Programs

• Demonstrated leadership skills and ability to coordinate oversight activities across different teams

• Knowledge of regulatory requirements and industry best practices in technology risk management

• Strong Leadership Experience

Technical skills:

• Cloud Security Architecture Patterns

• Secure Application Development / Containerization

• Encryption / Tokenization

• Identity and Access Management

• Network / Firewall Management

• Vulnerability Management / Patching

Governance:

• ISO, COBIT, CERT, OWASP

• Fed, OCC, SEC, CFPB, FCA

Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

Bachelor of Science (BS) English

Primary Location: Dallas, TX, Dallas

Other Locations: Texas-Dallas,New Jersey-Florham Park,Massachusetts-Boston

Organization: Santander Consumer USA Inc.

AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO