Director of IT Risk and Control Self Assessment (RCSA)
Country: United States of America
The Director of IT Risk and Control Self Assessment (RCSA) operates within the first line of defense and is directly accountable to lead Business Control & Risk Management team(s) in the oversight and governance of Technology execution against the Enterprise Risk Management Framework.
The Director is accountable for the evaluation and improvement of the control environment within Technology. The Director supports and leads the risk evaluation of key IT processes and controls including the operating functions across the collective and individual processes. Continuously evaluates the industry, market and regulatory environment to anticipate changes and help ensure appropriate alignment and control model with potential scenarios that may change Technology’s risk profile.
The Director leads a team across US entities that works to continuously identify, assess and action process and control risks throughout Technology following established program methodologies. S/He will lead governance routines to report and escalate as necessary to executive management and corporate risk partners while driving a cultural awareness of risk management practices and interacts with all lines of internal risk management peers including other first line of defense teams, corporate risk functions and internal audit.
Responsibilities:
- Drive Continuous Improvement Culture: Establish expectations, ownership and accountability for continuous process improvement prioritization among IT process and control owners. Utilize the unique exposure to all key Technology processes and controls to drive continuous process improvement within IT Teams. Provide guidance and feedback to process and control owners regarding process improvement opportunities, along with risk remediation results from process and control assessments performed by the team.
- Drive Risk Culture: Establishes expectations, ownership and accountability for risk management within the Technology. Provide risk expertise and control function feedback, as applicable, during performance review cycles and incentive plans of employees in the Technology. Ensure awareness in Technology of risk frameworks, policies and standards.
- Communication & Training: Act as central point of contact for receipt and distribution of risk related information between SLoD risk teams and Business Lines. Maintain two way communications with SLoD, building a true partnership to see continuous risk reduction and improvement across Technology functions. Facilitate training for Technology to provide awareness of risk frameworks, policies, programs, processes, etc.
- Adherence to Risk Frameworks, Policies, and Standards: Partner with SLoD to provide input/review of frameworks, policies and standards. Facilitate Business Line awareness of and adherence to risk frameworks, policies, and standards through internal control testing and issue validation. Report and escalate exceptions and facilitate Business Line corrective actions
- Continuous Monitoring: Continuously monitors all sources of risk existing within the Technology Department and externally. Engage in research, peer networking, and experience to anticipate critical risk issues impacting the Technology Department.
- Issue Identification, Management, and Risk Assessment: Oversee and conduct RCSA responsibilities including Process Mapping, Risk & Control Matrices, Inherent Risk Assessments, Internal Control testing and Issue Management data/input. Engage and hold IT process owners accountable to identify and assess risks. Support Technology in risk identification (e.g. NPBA, change management, etc.). Ensure all issues (Self-Identified, IA, Credit Risk Review or Regulatory) pertaining to the Technology are resolved within established timelines. Validate issues to ensure remediation is sufficient to address root cause and prevent recurrence.
- Internal Control Testing: Implement and maintain internal control testing and control effectiveness monitoring in the Technology. Validate the adequacy of controls, escalate deficiencies as appropriate. Identify root causes of control deficiencies/weaknesses and take appropriate action to ensure Business Lines remediate and prevent recurrence.
- Exam Management: Liaison with Technology process and control owners for necessary exam related activities including regulatory, Internal Audit and Credit Risk Review. Review materials, responses and validate remediation work (e.g. artifacts, action plans, etc.).
Additional responsibilities include:
- Ensure the timely delivery of project results that meet or exceed agreed-upon metrics or goals
- Mentor Project Managers on Lean Six Sigma and general project management skills
- Act as a key driver for change within the Technology teams aligned to supporting project execution and toll-gating and helping them to learn, understand, adjust and grow in a continuous improvement environment
- Conduct in-depth analyses (when required), including data collection, data analyses, and synthesis of data to generate key insights for IT processes
- Ensure disciplined, data-driven, well-documented approaches to improving end-to-end operational performance led by voice of the customer
- Promote a risk-aware culture; ensure efficient and effective risk and compliance management practices by adhering to required standards and processes
- Provides hands-on leadership to process and control owners
- Builds a strong team and develops them to their full potential
- Recognize when there are obstacles preventing others from achieving their goals and readily intervenes and finds resourceful ways to remove them
- Develop and maintain relationships with senior leadership both within and outside of Technology
Required Skills:
- Financial Services Experience
- Information Security and Infrastructure Technical Knowledge
- Demonstrated knowledge of operating in a regulated entity
- Ability to understand complex technical systems and the business processes they support; synthesize the corresponding risks and controls and recommend adjustments.
- Ability to drive results and meet deadlines to reduce risks
- Excellent communication skills, including an ability to influence stakeholders across the organization, to speak effectively in small and large-group settings, and to write clearly in internal memos, presentations and e-mails
- Ability to manage complexity, including in troubleshooting problems or in developing process or other solutions
- Strong attention to detail in a fast-paced work environment
- Demonstrated people leadership experience, either through direct leadership or coaching/mentoring role
- Strong ability to lead, partner, and influence across all leadership levels
- Demonstrated people leadership experience either through direct leadership or coaching/mentoring role
- IT Audit experience is a plus
Education:
- Bachelor's Degree or equivalent work experience in Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field.
- Master's Degree in Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field a plus
Licenses/Certification:
CISSP certification is plus – other certification CISA/CISM
Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
Working Conditions: Frequent Minimal physical effort such as sitting, standing and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.
Employer Rights: Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
$131,250.00 USD
$220,000.00 USD