Director, Cyber and Digital Risk Management

Director, Cyber and Digital Risk Management

Country : United States of America

Your Journey Starts Here :

Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. We are committed to creating an environment where continuous learning and development are prioritized, enabling you to thrive both professionally and personally. Here, you will find ample opportunities to connect and collaborate with talented colleagues from around the world, sharing insights and driving innovation together. Join us at Santander, where you are supported by a culture of engagement and a commitment to your success.

An exciting journey awaits, if you are interested in exploring the possibilities We Want to Talk to You!

The Difference You Make :

The Director, Cyber and Digital Risk Management m onitors activities to minimize the company's exposure to information security risks. Activities may include 2nd line of defense independent assurance over technical cyber risk analysis, risk identification and remediation. The incumbent shall support the preservation of digital trust and ensure that the oversight is adequate to minimize compliance and regulatory risk by resolving issues and ensuring adherence to industry good practice frameworks, company and legal standards. The Director is responsible for ensuring that the company's activities adhere to the necessary rules and regulations, and that the company complies with legal / regulatory statutes and jurisdictions, as they relate to the management of cyber and digital risks.

The Director, Cyber and Digital Risk Management at Santander US and Santander Bank NA is responsible for independent risk management and assurance activities over the assigned business area’s technology footprint covering Information Security, Cyber Resilience, Cyber Fraud and Data Security (incl. Retention and Disposal) as part of the second line of defense Technology Risk Management organization.

The incumbent develops and maintains an effective Information Security Risk oversight program that enables the assigned business area to comprehensively identify, assess, mitigate, manage, monitor and report technology risk, including performing technical risk reviews of identified domains.

This role is established in the second line of defense and requires collaboration across CISO, Data Office, IT, Operational Risk, Internal Audit and other relevant functional stakeholders within the organization in the management of Cybersecurity risks. An excellent understanding of the evolving regulatory landscape in the US and EU are vital for success in this role.

The day-to-day focus may vary depending on the requirements of the overall second line of defense program priorities directed by the Head of Technology Risk and may include : planned or ad-hoc technical risk review and challenge, review of Technology or Business initiatives, Ongoing risk monitoring activities, Risk reporting, development of technical risk framework and methodologies.

The team to support the oversight of cybersecurity risks will comprise of individuals aligned against the core coverage areas noted above. This is an individual contributor role but will require people and stakeholder management skills to operate effectively in a 2nd line of defense role in a matrix organization.

Key Responsibilities :

• Establish themselves as the second line of defense subject matter expert for key stakeholders in the management of cybersecurity and technology risks across all operating entities
• Prepare information to enable governance committees / working groups in the management oversight of cybersecurity and technology risks
• Participate in relevant governance committees and working groups as a delegate of the Head of Technology, including the Operational Risk Committee, Technology Executive Working Group, Information Security & Data Management Committee, Architectural Review Board, AI Enablement Working Group
• Initiate timely escalations to the Sr. Director, Cyber & Digital Risk and to the leadership team
• Identify and assess cybersecurity risks and counsel business units managers, CISO and / or IT GRC stakeholders on risk management issues to ensure awareness and accountability for cybersecurity risks
• Oversee ongoing oversight of the firm’s information risk footprint through ongoing monitoring, formal review and challenge activities, targeted risk reviews, technology policy and standard assurance, and other activities e.g., transformation review and challenge.
• Contribute to the updating of existing policies and framework or develop new ones that steer the safe and sound adoption of technologies across the organization
• Participate in the independent and ongoing risk oversight of key technology components of the firm’s digital transformation initiatives.
• Implement and sustain independent risk oversight coverage of the cloud operating platform and vendor software development activities.
• Work across the lines of defense to recommend strategies that effectively treat risks within the risk appetite
• Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the risk horizon, while ensuring a sound operational and compliance control environment through establishment of a system of effective and sustainable internal controls
• Participate in evaluation of new products / Business changes / projects and assess related information risks and impact to the cybersecurity and technology risk profile
• Participate in the evaluation and management of cybersecurity risks related to third-party suppliers involved in technology and business projects
• Advises on remediation of regulatory findings, correction of any inconsistencies and monitors resolution.
• Manage, oversee and contribute to targeted risk reviews designed to evaluate information risks and their effective and sustainable mitigation
• Perform review and challenge of first line of defense risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and communicate risk opinions at various levels of management
• Analyze risk data from various sources (e.g. external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends and patterns
• Participate in the review and challenge of scenario for crisis management exercises, especially where there is a cyber component
• Support process for constructive engagement across the Lines of Defense regarding differences or conflicts in risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute
• Own individual delivery timelines and develop materials to ensure second line of defense independent opinion appropriately represented during committee meetings, external exams and internal audits.
• Ensure all activities and deliverables achieve their timeliness, quality and accuracy service levels.
• Collaborate with other second line of defense functions such as Operational Risk, Model Risk, Compliance etc. on common priorities and strategic initiatives
• Provides second line of defense leadership and subject matter expertise during response to major technology or cyber incidents including cyber-security related privacy events and coordinate second line of defense engagement and response of incident / crisis managers

What You Bring :

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and / or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education :

Work Experience :

Skills and Abilities :

Technical skills (incl. Tools) :

Competencies and Abilities :

Certifications :

It Would Be Nice For You To Have :

Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.

What Else You Need To Know :

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range

Minimum : $123,750.00 USD

Maximum : $225,000.00 USD

Link to Santander Benefits :

Santander Benefits - 2025 Santander OnGoing / NH eGuide (foleon.com)

Risk Culture :

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement :

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions :

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and / or furniture may be required .

Employer Rights :

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next :

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.

Primary Location : Coconut Grove, FL, Miami Coconut Grove Corp

Other Locations : Florida-Coconut Grove,Texas-Dallas

Organization : Santander Holdings USA, Inc.