Information Security Associate
Company: Santander Holdings USA Inc
Posted on: February 25, 2021
Description The Associate, Information Security designs
implements and monitors Financial/Accounting/Operational processes.
The incumbent is responsible for detecting threats and
vulnerabilities in target systems, networks, and applications by
conducting systems, network and web vulnerability assessment /
security testing. The Consultant, Information Security identifies
the security flaws and weaknesses in the systems that can be
exploited to cause business risk, and provides crucial insights
into the most pressing issues, suggesting how to prioritize
- Conducts vulnerability assessment, work with various
stakeholders to provide remediation to the identified risks and
bring the same to closure.
- Conducts walk-through of the assessment report to the
stakeholders and help define remediation plan.
- Follows a standard methodology to identify and/or detect
threats to the IT infrastructure, applications and other
- Works with various teams to follow a pre-assessment plan/ and
assessment schedule for every assessment, conduct threat
assessment, and deliver an assessment report.
- Develop and participate in multiple executive and business
forums in order to effectively communicate cyber risk to
- Demonstrate sustainability of newly implemented tools and
processes in areas including vulnerability management
- Engage technical and business owners in vulnerability
assessment and remediation management
- Develop escalation process with vendors regarding breach and
identified vulnerability notifications that pose high risk to the
- Performs technical security assessments (e.g., Windows, UNIX,
firewalls, routers, oracle, SQL server, etc.).
- Conducts vulnerability assessment on the target IT
Infrastructure, applications and related information assets.
- Directs managers and a senior technical team to deliver
security change in a global organization
- Provides direction and act as an escalation point on projects
and issues to other team members
- Interacts with partners as needed to explain work product,
security techniques, methodology and results to ensure appropriate
- Acts as senior resource for incident response related
activities. Collaborate with technical teams for security incident
remediation and communication.
- Acts as influencer of peers and management.
- Oversees management and deployment of security infrastructure
including Vulnerability Management, WAF, Network Monitoring,
Logging correlation, DDOS prevention and IPS/IDS.
- Provides technical security consulting support to address
complex business and technology projects and requests.
- Contributes to strategic planning to evaluate, deploy or update
- Analyzes and implements security solutions to meet customer
- Conducts risk assessments to evaluate the effectiveness of
existing controls and determine the impact of proposed changes to
business processes, applications and systems.
- Promotes cross-department collaboration and communication to
ensure appropriate processes, procedures and tools are installed,
monitored, and effectively operating and alerting
- Allocates and prioritizes security resources efficiently within
the organization managing both resources and budgets
- Conducts security research on threats and remediation
- Develops and maintains a set of operational and forward looking
- Conducts proof of concepts, vendor comparisons and recommend
solutions in line with business requirements
- Oversees daily monitoring of security reports to identify
issues and follow these issues to resolution
- Oversees security projects and the security testing of new and
- Prepares system security reports by collecting, analyzing, and
summarizing data and trends; presents reporting for management
- Creates process improvement by identifying inefficiencies and
solutions for process improvements.
- Writes clear implementation guidelines for the implementation
- Guides and confirms that the design has been implemented as per
- Updates job knowledge by tracking and understanding emerging
security practices and standards; participating in educational
opportunities; reading professional publications; maintaining
personal networks; participating in professional organizations.
- Acts as a subject matter expert (SME) while providing
leadership, guidance, and mentorship to other project
- Other duties as assigned.Requirements:
- Education -
- Bachelor's Degree: Computer Science or equivalent field.
- or equivalent work experience
- Experience -
- 5-9 years in field or similar industry.
- Experience in information security, governance, IT audit, or
- SAS experience.
- Skills & Abilities -
- Knowledge of risk assessment tools, technologies, and
- Experience planning, researching and developing security
strategies, standards, and procedures
- Exceptional organizational skills and attention to detail.
- Ability to work cooperatively in a team environment
- Ability to work cooperatively in a team environment
- Strong understanding of security, incident response and/or
- Proven ability to understand and analyze complex issues, then
apply experience and judgment to develop sound recommendations
especially as related to malware, eDiscovery, current
threats/attacks and/or vulnerability management
- Ability to communicate concisely, effectively and directly to
- Proven relationship building skills working with mid to senior
level management and cross-functional teams; understands risks;
additional focus on leadership; strong interpersonal skills;
delivers precise, accurate results to meet commitments; mentors
other team members
- Demonstrated presentation development; tailors message as
needed; comfortable presenting to all levels; strong writing
skills; demonstrates creativity in articulating messages that
- Strong knowledge of MIS reporting structures.
- Understands Risk Management needs and designs new solutions
based detailed analysis and validation.
- Advanced knowledge of Microsoft Office (Outlook, Word; Excel)
and PowerPointWorking Conditions:
- Frequently: Minimal physical effort such as sitting, standing,
- Occasional moving and lifting of equipment and furniture is
required to support onsite and offsite meeting setup and
- Physically capable of lifting up to fifty pounds, able to bend,
kneel, climb ladders.
- This job description does not list all the duties of the job.
You may be asked by your supervisors or managers to perform other
duties. You will be evaluated in part based upon your performance
of the tasks listed in this job description.
- The employer has the right to revise this job description at
any time. This job description is not a contract for employment,
and either you or the employer may terminate employment at any
time, for any reason.#LI-PP1At Santander, we value and respect
differences in our workforce and strive to increase the diversity
of our teams. We actively encourage everyone to apply.Employees
desiring consideration should complete an online application,
utilizing the appropriate process as subscribed by the posting
entity. Employees should provide all pertinent information to
support their candidacy.To be considered eligible for internal
posting, Santander employees must meet all of the following
- Completion of at least one year of active service in
- Completion of at least twelve months in current position
- Be in "Good Standing"Please click here to see the full policy
Keywords: Santander Holdings USA Inc, Grapevine , Information Security Associate, Other , Grapevine, Texas
Didn't find what you're looking for? Search again!