Senior Associate, Cloud Risk Management
Company: Santander Holdings USA Inc
Location: Boston
Posted on: October 19, 2024
Job Description:
Senior Associate, Cloud Risk ManagementDallas, United States of
AmericaUSA Job Family Description: Monitors activities to minimize
the company's exposure to technology and information risk
associated with the adoption and deployment of cloud technologies.
Activities may include technical risk analysis, risk identification
and remediation. Represents or supports the reputation of the
company to minimize compliance and regulatory risk by resolving
issues and ensuring adherence to regulatory requirements, industry
good practice frameworks and company and legal standards.
Responsible for ensuring that all of the company's activities
adhere to the necessary rules and regulations, and that the company
complies with legal/regulatory statutes and jurisdictions.USA Job
Function Description: The Senior Associate, Cloud Risk Management
within the Technology and Information Risk Management organization
reports to the Director - Emerging Technology Risk and is
responsible for ongoing oversight, assessment, management and
reporting of technology and cybersecurity risks associated with the
adoption and implementation of Cloud, across all operating
entities. This role is established in the second line of defense
and requires collaboration across IT, CISO, Data Office,
Operational Risk, Internal Audit and other relevant functional
stakeholders within the organization in the management of Emerging
Technology risks. An excellent understanding of the evolving
regulatory landscape in the US and EU are vital for success in this
role.The day-to-day focus may vary depending on the requirements of
the overall second line of defense program priorities directed by
the Head of Technology Risk and may include: planned or ad-hoc
technical risk reviews, technical review of cloud security
architectures, review and challenge activities of IT or Business
initiatives, Risk reporting, development as well as review and
challenge of technical risk framework and methodologies.Essential
Functions/Responsibility Statements:
- Establish themselves as the second line of defense subject
matter expert on Cloud technology and security risk management
- Identify and assess technology and cybersecurity risks
associated with the adoption and deployment of Cloud, on risk
management issues to ensure awareness and accountability for
emerging technology risks
- Participate in the independent and ongoing risk oversight of
key technology components of the firm's digital transformation
initiatives.
- Participate in evaluation of new products / Business changes /
projects and assess related emerging technology risks and impact to
the technology risk profile
- Participate in the evaluation and management of risks related
to third-party suppliers involved in technology projects related to
the deployment of emerging technology or where emerging
technologies introduced by third parties are a key component of the
business activities
- Perform review and challenge of first line of defense risk
management processes, data and outcomes (e.g. risk assessments,
control evaluations, risk metrics, mitigation plans, risk
acceptances etc.) and communicate risk opinions at various levels
of management
- Analyze risk data from various sources (e.g. external events,
control deficiencies, risk register etc.) to identify and measure
levels of risk, concentration, trends and patterns
- Support process for constructive engagement across the Lines of
Defense regarding differences or conflicts in risk appetite, risk
metric determination or evaluation, issue severity or other areas
of dispute
- Advises on remediation of regulatory findings, correction of
any inconsistencies and monitors resolution
- Prepare information to enable governance committees / working
groups in the management oversight of Cloud risks
- Initiate timely escalations to the Technology Risk leadership
team
- Work across the lines of defense to recommend strategies that
effectively treat risks within the risk appetiteQualifications: To
perform this job successfully, an individual must be able to
perform each essential duty satisfactorily. The requirements listed
below are representative of the knowledge, skill, and/or ability
required. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential
functions.Education:
- Bachelor's Degree in a technical discipline or equivalent work
experience: Computer Science, Information Technology, Information
Systems, Information Security. Req
- Master's Degree in related technical disciplines. Pref
- Professional Certifications in Cloud Security. Req.
- Professional Certifications in one or more Emerging technology
areas. PrefWork Experience:
- Practitioner experience in Cloud Security Risks with expertise
in securing cloud environments (AWS pref) and understanding cloud
service models (IaaS, PaaS, SaaS)
- In-depth knowledge of cloud computing platforms such as AWS
(Pref) / IBM / GCP / Azure
- Cloud Networking standards and best practices
- Overall professional experience of 5+ years or more in Cloud
architect or risk management roles in a matrix organization
- Experience within a highly regulated environment such as the
financial services industry
- Experience performing Cloud assurance activitiesTechnical
Skills:
- Cloud Security Architecture
- Hybrid network interconnectivity with on-premises data centers
and cloud resources
- Experience with containerization technologies such as Docker
and Kubernetes, including securing Kubernetes clusters and
containerized workloads
- Identity and Access Management design, including hybrid
IAM
- Cloud security standards and best practices, including secure
access, PAM, hybrid credential management, SSO, federated IAM,
etc.
- Secure Application Development / DevSecOps /
Containerization
- Familiarity with microservices security principles and best
practices
- Encryption / Tokenization
- Identity and Access Management
- Software-as-a-Service PlatformsCompetencies and Abilities:
- Demonstrated expertise and track record in Cloud risk
management, and ability to perform at an advanced level of
competence.
- Strong risk, process, and control validation and/or assessment
skills.
- Advanced knowledge of technical risk management best practices
and how to implement them.
- A keen sense of attention to details with a passion for
impeccable documentation while having the ability to multi-task and
adapt/adjust to multiple demands and competing priorities
- A team player who can coordinate and drive consensus among
different teams and stakeholders having varying view points
- Ability to convey a sense of urgency and drive issues/projects
to closure.
- Excellent written and oral communication skills.
- Excellent analytical, organizational and project management
skills.Diversity & EEO Statements: At Santander, we value and
respect differences in our workforce and strive to increase the
diversity of our teams. We actively encourage everyone to
apply.Santander is an equal opportunity employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, genetics, disability, age, veteran status or any
other characteristic protected by law.Working Conditions: Frequent
Minimal physical effort such as sitting, standing and walking.
Occasional moving and lifting equipment and furniture is required
to support onsite and offsite meeting setup and teardown.
Physically capable of lifting up to fifty pounds, able to bend,
kneel, climb ladders.Employer Rights: This job description does not
list all of the job duties of the job. You may be asked by your
supervisors or managers to perform other duties. You may be
evaluated in part based upon your performance of the tasks listed
in this job description. The employer has the right to revise this
job description at any time. This job description is not a contract
for employment and either you or the employer may terminate at any
time for any reason.
Primary Location: -Dallas, TX, Dallas
Other Locations: -Texas-Dallas,Massachusetts-Boston
Organization: -Santander Holdings USA, Inc.
Keywords: Santander Holdings USA Inc, Newton , Senior Associate, Cloud Risk Management, Executive , Boston, Massachusetts
Didn't find what you're looking for? Search again!
Loading more jobs...