Enterprise IT RCSA Testing Lead

It Starts Here:

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology-driven organization. Our people are at the heart of this journey and together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.  This is more than a strategic shift.  It’s a chance for driven professionals to grow, learn, and make a real difference.

If you are interested in exploring the possibilities We Want to Talk to You!

Job Description

The Difference You Make:

The Head of Enterprise RCSA Testing Lead is a critical leadership role within the First Line of Defense, responsible for building and overseeing a comprehensive, risk-based control testing program across Santander US. This role provides strategic direction and operational oversight for RCSA control testing across both US Technology organization and Non-Technology business lines, ensuring alignment with Santander’s Enterprise Risk Management Framework, internal standards, and regulatory expectations.

The successful candidate will bring deep expertise in control testing, strong partnership skills, and the ability to drive high-quality, consistent execution across a complex organization.

• Lead the design, development, and execution of the enterprise-wide RCSA control testing program, including testing methodology, sampling approaches, test scripts, documentation standards, and quality assurance.

• Oversee execution of control design assessments, operating effectiveness testing, and remediation validation across Technology, Operations, Corporate Functions, and Line of Business activities.

• Identify control deficiencies, assess risk impacts, and present clear, evidence-based findings to business and technology leaders.

• Produce high-quality reporting and insights for senior management, governance committees, and risk partners, highlighting emerging themes and control environment trends.

• Partner closely with Second Line of Defense teams and Internal Audit to ensure alignment on testing expectations, issue identification, and remediation standards.

• Ensure testing practices meet or exceed regulatory requirements and internal policy standards.

• Build, lead, and develop a high-performing testing organization, fostering a culture of accountability, technical excellence, and continuous improvement.

What You Bring:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor's Degree or equivalent work experience: Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field. - Required.

• 12+ Years Risk Management. - Required.

• 12+ Years Previous management experience. - Required.

• Extensive experience in control testing, Internal Audit, RCSA, SOX, operational risk, or technology risk within a regulated financial institution.

• Strong understanding of control design, evidence evaluation, sampling, and testing documentation standards.

• Demonstrated expertise in both Technology and Non-Technology control environments.

• Proven ability to communicate effectively with senior leaders and influence across all levels of the organization.

• Experience managing teams and driving execution in a fast-paced, highly regulated environment.

• Strong analytical and critical thinking skills.

• Excellent written and verbal communication.

• Ability to lead through influence and build strong partnerships.

• High attention to detail and commitment to quality.

• Strong planning, prioritization, and execution skills.

• Ability to manage complexity and navigate competing priorities.

• Deep understanding of modern technology environments.

• Cloud technologies (AWS, Azure, GCP) and shared responsibility models

• AI/ML risk management, including model governance, data lineage, bias detection, and monitoring.

• Cybersecurity principles: access controls, vulnerability management, secure SDLC, threat monitoring.

• Infrastructure and network controls: segmentation, disaster recovery, change management.

• Data governance and data quality controls, including privacy, retention, and classification.

• Third-party and SaaS technology risk, including SOC report evaluation and control testing.

• Use of automation, GRC platforms, and analytics tools to enhance testing quality and efficiency.

• Familiarity with major control and technology frameworks, including:  NIST Cybersecurity Framework (CSF),  NIST 800-53 and 800-17, ISO 27001/27002, CIS Critical Security Controls,  SOC 1/SOC 2 Trust Services Criteria,  COBIT Framework,  FFIEC IT Handbook and guidance.

Certifications:

• Other: Risk Certification - Preferred.

It Would Be Nice For You To Have:

• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.

• Experience in Microsoft Office products.

What Else You Need To Know:

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range:

Minimum:

We Value Your Impact:

Your contribution matters and it’s recognized.  You can expect a fair and competitive rewards package that reflects the impact you create and the value you deliver. We know rewards go beyond numbers.  Offering more than just a paycheck our benefits are designed to support you, your family and your well-being, now and into the future. Santander Benefits - 2026 Santander OnGoing/NH eGuide (foleon.com) 

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
Working Conditions:

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next:

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at [email protected] to discuss your needs.