Technology Controls Tester - 2001985
Description
The Sr Associate, Business Control & Risk Management provides centralized support through internal process review, quality audits, and testing to ensure operational risks are appropriately identified and controls are working as designed. As a first line of defense, s/he tests business processes and controls, identifies gaps within processes, tracks error trends and documents results in the appropriate operational system. The Specialist, Business Control identifies, responds to and/or escalates risks as appropriate.
Essential Functions:
- Annually, execute Risk and Control Self-Assessment (RCSA) program in accordance with enterprise methodology.
- Acts as a liaison with Risk and Compliance, or the second line of defense, to develop and implement new policy requests/revisions and to complete all line-of-business-related risk assessments, risk mandates, continuity plans, resolution plans and execution.
- Analyzes, evaluates and provides strategic guidance and direction for programs, policies and procedures to ensure alignment with regulatory requirements and acceptable risk mitigation practices.
- Test appropriate controls and procedures reflecting the standards set forth in the policies and Regulations while accounting for risks inherent in the products, services, types of customers, locations of customers, and functions of the Business Unit.
- Lead teams during the field work in testing the design of the controls and operating effectiveness of the controls.
- Develops, implements and monitors the compliance program and controls for the assigned area. Identifies gaps in controls, proposes solutions, and implements corrective actions.
- Documents, evaluates and, where appropriate, improves policies, practices and procedures.
- Assists with developing, managing and enforcing standard processes, tools, protocols, audit requests with internal and external stakeholders to meet project objectives.
- Acquires and applies a developing understanding of risk and control issues within the business.
- Looks for process improvements and efficiencies and makes recommendations to improve policy and procedures.
- Reports to management on regulatory developments and risks/issues identified within assigned technology area. Regularly provides reports/updates to management team on progress.
Education & Certification -
- Bachelor's Degree or equivalent work experience
- CISA/CISSP/CRISC/Security+, Network+, or CCNA Certification (at least one certification desired)
Experience and Technical Skill -
- 5-7 years Risk Management or equivalent experience
- Data Analytics
Skills & Abilities -
- Prior experience with Risk and Control Self-Assessment (RCSA) / Cyber-risk assessment / Cyber security assessment / SOX testing is required.
- Develop and document test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, access management, network security/operation, vulnerability management, Information Security, SDLC, Backup and others.
- Knowledge and understanding of basic concepts of technology areas across municipal technology platforms including Windows, Linux, Network and IT Operations, and Virtualization to assess and test technology/info sec controls. (Must be knowledgeable in at least a few of these areas.)
- Data analysis skills and ability to develop scripts to gather data required for control testing/assessment. Automate testing procedures where possible.
- Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level testing. Obtain, review, and interpret evidence provided to validate that controls are performed effectively and identify vulnerabilities, gaps, or control deficiencies. Identify risks associated with control failures and support the identification of mitigating controls.
- Ability to accurately document control testing results in sufficient detail.
- Big 4 experience is desired.
- Excellent presentation, interpersonal, written and verbal communication skills.
- Foundational understanding of regulations including internal controls, Sarbanes-Oxley (SOX), SOC, PCI, GLBA, and NYDFS compliance.
- Knowledgeable in applicable frameworks including NIST Cybersecurity Framework, COBIT, COSO, ITIL, etc.
- Strong process facilitation, project management, and analytical skills.
- Understanding of the products/services, systems, and associated risks/controls.
- Knowledge of Risk/Compliance/Audit competencies.
- Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations.
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Job: Business Control
Primary Location: Massachusetts-Dorchester-2 Morrissey Boulevard - 06367 - Columbia Park-Corp
Organization: Technology (5900)
Schedule: Full-time
Job Posting: Jul 16, 2020, 6:21:49 PM
AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO