Manager, IT RCSA
Company: Santander Holdings USA Inc
Posted on: January 26, 2023
Miami, United States of America
WHAT YOU WILL BE DOING
The Manager, IT RCSA operates within the first line of defense and
is accountable for leading the Business Control & Risk Management
(i.e., Information Technology Risk and Control Self-Assessment)
team in the oversight and governance of Business Line (IT)
execution against the Enterprise Risk Management Framework. The
Manager will manage a team that works to identify, assess and test
various Information Technology (IT) risks and controls through the
defined risk program requirements. The Manager will oversee the
evaluation of key IT processes, review internal control/quality
reports and participate in risk initiatives and lead opportunities
for improved efficiency, effectiveness and/or efforts to reduce
exposure to top/material business risks. S/he supports and monitors
IT's adherence with corporate policies and procedures including
The Manager provides leadership within the Business Control & Risk
Management team(s) and IT and must be able to effectively lead and
collaborate with various stakeholders while influencing strategic
Monitors activities to minimize the company's exposure to risk.
Activities may include quantitative analysis, risk identification
and remediation. Represents or supports the reputation of the
company to minimize compliance and regulatory risk by resolving
issues and ensuring adherence to company and legal standards.
Responsible for ensuring that all IT activities adhere to the
necessary rules and regulations, and that the company complies with
legal/regulatory statutes and jurisdictions.
- Drive Risk Culture: Establishes expectations, ownership and
accountability for risk management within the Business Line (IT).
Ensure awareness in the Business Line (IT) of risk frameworks,
policies and standards.
- Communication & Training: Act as central point of contact for
receipt and distribution of risk related information between SLoD
risk teams and Business Line (IT). Maintain two-way communications
with SLoD. Facilitate training for Business Line (IT) to provide
awareness of risk frameworks, policies, programs, processes,
- Adherence to Risk Frameworks, Policies, and Standards: Partner
with SLoD to provide input/review of frameworks, policies and
standards. Facilitate Business Line (IT) awareness of and adherence
to risk frameworks, policies, and standards through internal
control testing and issue validation. Report and escalate
exceptions and facilitate Business Line (IT) corrective
- Continuous Monitoring: Continuously monitors all sources of
risk existing within the Business Line (IT) and externally. Engage
in research, peer networking, and experience to anticipate critical
risk issues impacting the Business Line (IT). Monitor Key Risk
Indicators and report on negative/adverse trends in Business Line
(IT). Monitor risk profile to maintain tolerance within Risk
- Issue Identification, Management, and Risk Assessment: Conduct
IT RCSA responsibilities including Process Mapping, Risk & Control
Matrices, Inherent Risk Assessments, and IT Control testing.
- Engage and hold Business Line (IT) process owners accountable
to identify and assess risks.
- Support Business Line (IT) in risk identification. Ensure all
issues pertaining to the Business Line (IT) are resolved within
established timelines. Validate issues to ensure Business Line (IT)
remediation is sufficient to address root cause and prevent
- Internal Control Testing: Implement and maintain internal
control testing and control effectiveness monitoring in the
Business Line (IT). Validate the adequacy of controls, escalate
deficiencies as appropriate. Identify root causes of control
deficiencies/weaknesses and take appropriate action to ensure
Business Line (IT) remediates and prevents recurrence.
- Exam Management: Liaise with the Business Line (IT) for all
exam related activities including regulatory, Internal Audit, etc.
Review materials, responses and validate Business Line (IT)
remediation work (e.g., artifacts, action plans, etc.)
To perform this job successfully, an individual must be able to
perform each essential duty satisfactorily. The requirements listed
below are representative of the knowledge, skill, and/or ability
required. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential
- Bachelor's Degree or equivalent work experience in Information
Technology, Business, Risk Management, or equivalent field.
- Master's Degree in Information Technology, Business, Risk
Management, or equivalent field. (Pref)
Licenses & Certifications -
- Preferred Professional Certification such as CRISC, CISA, CISSP
- 10+ years within IT Audit or IT RCSA programs. Previous
management experience managing small teams
Skills and Abilities:
- Through the execution of a defined risk and controls
self-assessment program analyzes, evaluates, and provides strategic
guidance and direction for programs, policies, and procedures to
ensure alignment with regulatory requirements and acceptable risk
- Experience independently developing and documenting test
procedures and/or documenting recommendations for test plan
modifications that improve validation of control objectives. Test
procedure development may cover a wide range of technically diverse
topics ranging from IP Network Discovery, access management,
network security/operation, vulnerability management, Information
Security, SDLC, Backup and others. Should have extensive experience
testing IT controls across multiple IT domains and evaluating both
automated and manual controls related to Information Security or
IT infrastructure domains.
- Ability to work on multiple concurrent assessments.
- Ability to work under pressure and meet deadlines.
- Strong risk assessment, negotiation and problem resolution
- Strong collaboration and relationship management skills.
- Self-starter, able to establish relationships and transcend
multiple cross-functional/divisional boundaries, largely
- Proven ability to apply strategic thinking to multiple, complex
organizational and business issues, and has ability to translate
into practical plans for project execution.
- Project management skills.
- Knowledge and working understanding of additional auditing
standards, theories, concepts, and terms (including Sarbanes-Oxley,
COBIT and the COSO Integrated Control Framework).
- High sense of urgency with ability to drive results.
- Must be able to "hit the ground running".
- High proficiency in PowerPoint, Word and Excel.
- Excellent verbal and written communication/presentation skills.
Diversity & EEO Statements: At Santander, we value and respect
differences in our workforce and strive to increase the diversity
of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, genetics, disability, age, veteran status or any
other characteristic protected by law.
Working Conditions: Frequent minimal physical effort such as
sitting, standing and walking. Occasional moving and lifting
equipment and furniture is required to support onsite and offsite
meeting setup and teardown. Physically capable of lifting up to
fifty pounds, able to bend, kneel, climb ladders.
Employer Rights: This job description does not
list all of the job duties of the job. You may be asked by your
supervisors or managers to perform other duties. You may be
evaluated in part based upon your performance of the tasks listed
in this job description. The employer has the right to revise this
job description at any time. This job description is not a contract
for employment and either you or the employer may terminate at any
time for any reason.
Primary Location: Miami, Florida, United States of America
Other Locations: Florida-Miami
Organization: Santander Consumer USA Inc.