Associate – Technology & Cyber Risk Management RCSA Validation

Associate – Technology & Cyber Risk Management RCSA Validation

Country: United States of America

Your Journey Starts Here:

Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. We are committed to creating an environment where continuous learning and development are prioritized, enabling you to thrive both professionally and personally. Here, you will find ample opportunities to connect and collaborate with talented colleagues from around the world, sharing insights and driving innovation together. Join us at Santander, where you are supported by a culture of engagement and a commitment to your success.

An exciting journey awaits, if you are interested in exploring the possibilities We Want to Talk to You!

The Difference You Make:

We are seeking an Associate to join our Technology & Risk Management team (Second Line of defense) with a focus on Risk and Control Self-Assessment (RCSA) validation. This role will be responsible for executing in-depth validations of technology and cybersecurity risk/control assessments, ensuring consistency, accuracy, and compliance with internal and regulatory standards.

Essential Functions:

Perform independent validation and challenge of Technology and Cyber RCSA assessments completed by the First Line of Defense (FLOD), ensuring completeness, accuracy, and adherence to Risk Management policies and procedures.

• Review and challenge the Risk and Control Matrix (RCM) for technology and cyber domains, confirming that key risks (e.g., cybersecurity, data integrity, system availability, change management) are adequately identified and mitigated.
• Provide second line oversight of FLOD control testing programs by evaluating the adequacy of control design, evidence of operating effectiveness, and accuracy of control test results conducted by the FLOD.
• Challenge and validate risk and control ratings
• Partner with Risk Management team and other second line functions to ensure alignment between RCSA results, key metrics, and ICT risk appetite.
• Support development and continuous improvement of SLOD RCSA validation methodologies, templates, and tools tailored to technology risk and cyber controls.
• Provide periodic reporting to TRM leadership, governance committees on validation outcomes, control effectiveness.
• Contribute to awareness and training initiatives to strengthen the program.
• Ensure documentation of validation activities meets internal audit and regulatory expectations, supporting a robust control assurance framework.

What You Bring:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education:

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field.
• Master's Degree in related disciplines. Pref
• Professional certifications are strongly desirable: CISA, CRISC, CISSP, CISM, CCAK, or PMP.

Work Experience:

• Overall professional experience of 5+ years or more in in Technology Risk Management, Cybersecurity Risk, IT Audit, or Operational Risk within financial services.
• Demonstrated hands-on experience in testing and validating technology and cyber controls within the RCSA framework.
• Strong knowledge of ICT risk domains (e.g., cybersecurity, system availability, change management, data integrity, third-party risk).
• Experience within a highly regulated environment such as the financial services industry
• Experience performing process assurance activities

Technical Skills:

• Strong knowledge of IT and cybersecurity risks, including IT general controls, identity and access management, network security, cloud, and application security.
• Familiarity with industry frameworks and standards such as NIST, ISO 27001, COBIT, ITIL, CIS Controls.
• Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, PRA, EBA, DORA).

Competencies and Abilities:

• Structured, detail-oriented, and analytical, with the ability to balance execution and coordination.
• Strong communication and stakeholder engagement skills, capable of interfacing with both technical and non-technical teams.
• Proactive and organized, able to manage competing priorities in a fast-paced environment.
• Strong risk, process, and control validation and/or assessment skills.
• Advanced knowledge of technical risk management best practices and how to implement them.
• A team player who can coordinate and drive consensus among different teams and stakeholders having varying view points
• Ability to convey a sense of urgency and drive issues/projects to closure.

Certifications:

• CISA, CRISC, CISSP, CISM, CCAK, or PMP

It Would Be Nice For You To Have:

• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
• Experience in Microsoft Office products.

What Else You Need To Know:

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

$69,375.00 USD$117,500.00 USD

Link to Santander Benefits:

Santander Benefits - 2025 Santander OnGoing/NH eGuide (foleon.com)

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions:

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next:

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.