Information Security Associate

Description:

Santander is seeking an Associate, Information Security professional to join the Information Security team within the First Line of Defense. This role is primarily focused on Vulnerability Management, with exposure to Network Security as a secondary or “nice to have” capability. The ideal candidate is a cybersecurity professional who can support, monitor, and help maintain information security controls across on-premises and cloud environments.

As An Associate, You Will

Protect the Company, customers, and employees by identifying and mitigating technology threats to Santander
Support and strengthen Santander’s vulnerability management program through scanning, analysis, prioritization, and remediation tracking
Help identify security risks, configuration gaps, and control weaknesses across infrastructure, applications, and cloud services
Partner with technology and business teams to drive timely remediation and improve security posture
Gain exposure to regulatory expectations and enterprise security operations
Build a strong foundation in cyber risk management, with optional growth into network security disciplines.

What You Bring

The role will report directly to the Director of Information Security and functionally to the Santander US Tower Head of Infrastructure Security Services. The Associate Information Security professional will work closely with multiple technology, application, and business teams across the Santander ecosystem to help advise on secure design and implementation of solutions.

Under the guidance of senior security leaders, this role supports the integration of security controls into new and existing systems while ensuring alignment with Santander’s information security policies, standards, and regulatory expectations. The role also supports process improvement and automation initiatives, including the use of scripting and prompt engineering techniques to help streamline repetitive audit, risk, and security-related tasks within the Information Security function.

Primary Focus: Vulnerability Management

Create vulnerability scanning schedules and perform scans on a periodic and ad hoc basis to identify vulnerabilities
Conduct vulnerability assessments on IT infrastructure, applications, and related information assets
Support the operation and governance of the vulnerability management lifecycle
Analyze and prioritize vulnerabilities using the Common Vulnerability Scoring System (CVSS), threat intelligence, exploitability, and business context
Identify gaps and risks and drive remediation through closure within established timeframes
Partner with infrastructure, application, cloud, and business teams to validate findings and support remediation planning
Track remediation progress, escalate aging issues, and support risk acceptance processes when needed
Establish, track, and report key vulnerability management metrics (e.g., scan coverage, SLA adherence, critical vulnerability aging)
Participate in change request reviews assessing security risk and recommend solutions
Perform risk assessments and/or control gap analysis against Information Security Policies and Standards

Broader Information Security Responsibilities

Collaborate with technology teams to advise on secure implementation of solutions across the Santander environment
Provide security input during solution design and change activities, ensuring controls are embedded early in the delivery lifecycle
Translate information security requirements into practical, business-aligned guidance for partner teams
Support automation of repetitive security and audit-related tasks using scripting tools and prompt engineering techniques
Implement book-of-work projects and initiatives within scope, on time, and within budget
Establish and maintain appropriate governance forums and escalation paths
Manage and monitor technology, audit, and regulatory risk through governance, oversight, reporting, and training initiatives
Partner with examiners and auditors on technology examinations, gathering information and responding to findings
Bachelor's Degree or equivalent work experience: Computer Science or equivalent field. - Required.
5+ Years Experience in information security, governance, IT audit, or risk management. - Required.
5+ Years SAS experience. - Required.
Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, DORA, SOX, NYS DFS).
Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
Working knowledge of security systems or tools such as Qualys, AlgoSec, Microsoft SCCM, Ansible, Red Hat Satellite, ServiceNow (SNOW), CMDB, etc.
Proven ability to work in a team environment.
Possess the ability to perform under pressure in a challenging environment.
A hunger to learn and take on challenging opportunities, contributing to the success of the information security team.
Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.