Business Information Security Officer (BISO)
Category: Banking
  • Your pay will be discussed at your interview

Job code: lhw-e0-90664774

Company Profile

Santander Bank, NA


  Job posted:   Thu Jun 7, 2018
**Business Information Security Officer (BISO) - 1803503**
Risk is present in all of Santander's activities and effective Risk Management is a critical component of the Bank's success. Through application of the Bank's Risk Framework and the continuous identification and assessment of risk, Santander seeks to ensure that all of our businesses operate inside of clearly established limits, are able to proactively quantify exposures, and take corrective action when required.
As a member of the Risk Management division, you'll be part of a diverse team of talented professionals who interact with senior risk team personnel, business managers and other Bank disciplines in order to understand business operations and dynamics, and analyze, monitor, and manage related risks.
The BISO functions as the central information security advocate for the assigned business division. They will provide cyber security risk advice and consultation to business partners; enable businesses to effectively manage risk within the company's risk appetite and meet business objectives.
The BISO will facilitate communication and execution of enterprise-wide information security programs, deliver enterprise awareness training and promote corporate cyber security awareness activities.
They will support the businesses' risk assessment of system applications, third parties and infrastructure and validate that security and technology controls are implemented to support business requirements. In addition, they will coordinate business continuity and disaster recovery plans and lead testing of plans and other scenario-based exercises. They will achieve results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types.
The BISO will manage the development and/or implementation of significant or Bank-wide Technology Controls / Information Security strategies, policies, programs, tools and provide expert advice and guidance on technical solutions.
They will oversee control and governance activities and identify and assess potential security risks and breaches/exposures impacting highly complex / high risk businesses or transformational (change the bank) strategic initiatives, primarily interfacing with executive and/or functional stakeholders across the Bank.
The BISO is accountable for always doing the right thing for customers and colleagues, and ensures that actions and behaviors drive a positive customer experience.
**Strategy and Policy Compliance**
+ Work with LOBs to ensure cyber security-related requirements and funds are included in strategic initiatives
+ Drive cyber security specific strategic initiatives through assigned LOB areas
+ Ensure LOB compliance to IT/Security related policies and standards
+ Develop security policies/standards/procedures specific to assigned LOB area
+ Assist with the adherence of information security policies, standards and procedures.
+ Advise on deviation control alternatives, such as compensating controls, and assist with standard exception process
+ Approve and manage exceptions to policies and standards for assigned LOB area
+ Lead issues management activities (audit, Federal Reserve, self-identified, etc.)
**Access Management**
+ Develop the appropriate LOB security roles for access to Bancorp assets. Approve unique LOB access requests
+ Coordinate and execute regular review of access for DSAs for LOB
+ Approve elevated access (USB/CD, PC Admin, Level 1, etc.)
+ Manage annual access review for LOB
**Data Protection**
+ Drive data protection strategy and initiatives through assigned LOB areas
+ Create and manage inventory and control of all repositories that house high risk data (PCI, PII, HIPAA)
+ Develop and manage DLP parameters specific to LOB areas
**Business Continuity**
+ Coordinate and develop business continuity and disaster recovery plans and lead testing of plans and other scenario-based exercises
+ Lead scenario analysis and testing specific to LOB
+ Lead regular testing of high-risk applications and processes
**Education and Awareness**
+ Promote corporate cyber security awareness activities and implement security awareness concepts locally, customizing communications to be suitable for the business
+ Ensure 100% completion of all required security training for assigned LOB
+ Lead security-based training that is specific to LOB
**LOB Partnership**
+ Serve as key contributor to LOB NPBA and Change Management process and TPRM
+ Manage security exceptions to contract language during negotiation
+ Ensure compliance with policy and standards for LOB Marketing areas (communications, websites)
+ Act as point of contact for providing responses to RFPs received by the LOB from potential customers
_At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply._
+ Bachelor's Degree or equivalent experience and a minimum 5-9 years of prior relevant experience
+ Licenses/Cert: Advanced Information Security Certification (ISACA or equivalent). Active SANS certification in the areas of network, malware and forensic analysis (GREM, GCIA, GCFA, GCIH)
+ Possess a working knowledge of the activities within the lines of business; in-depth banking knowledge preferred
+ Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
+ Project management experience highly desired
+ Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
+ Ability to interpret and apply policies and regulations across a large, complex business
+ Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
+ High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
+ Advanced skills with MS-Windows and other related PC applications
**Job:** Operational & Process Control
**Primary Location:** Massachusetts-BOSTON
**Schedule:** Full-time
**Job Posting:** Jun 4, 2018, 6:10:48 PM