The IT Controls Analyst operates within the First Line of Defense to implement the Enterprise Risk Management Framework, ensuring compliance with regulations, corporate standards, and company policies.
Through the execution of a defined risk and control self-assessment program, the analyst analyzes, evaluates, and provides strategic guidance for programs, policies, and procedures, thereby ensuring alignment with regulatory requirements and acceptable risk mitigation practices.
Education:
- Bachelor's degree in IT Risk Management, Information Systems, or equivalent field, or equivalent work experience.
- Master's degree in IT Risk Management, Information Systems, or equivalent field.
Experience:
- More than 3 years of experience in IT technical control testing and IT technical evidence evaluation.
- More than 3 years of experience in IT Risk Management, Internal Controls, Auditing, and Information Security.
- Previous hands-on experience in cyber risk assessment, cybersecurity evaluation, penetration testing, network devices (firewalls/IDS-IPDS), and IT tools.
- Solid knowledge and understanding of risk and control methodologies, including frameworks such as COSO and COBIT.
- Experience conducting reviews of medium- to high-complexity IT processes.
- Ability to independently develop and document test procedures and/or recommendations for modifying test plans to improve the validation of control objectives.
- Extensive experience testing IT controls across multiple domains and evaluating automated and manual controls related to information security or IT infrastructure.
- Strong data analysis skills and the ability to independently develop scripts to collect the data necessary for control testing/assessments. Automation of test procedures whenever possible.
- Ability to perform cross-platform testing (applications, databases,
- operating systems, middleware, monitoring tools, and business processes).
- Independently obtain, review, and interpret evidence to validate the effectiveness of controls and identify vulnerabilities, deficiencies, or failures. Identify risks associated with control failures and support the identification of mitigating controls.
- Ability to accurately document control test results with sufficient detail and minimizing the need for rework.
- Ability to work on multiple simultaneous assessments.
- Ability to create Excel formulas for data analysis.
- Excellent project management skills.
Licenses & Certifications -
- Preferred Professional Certification such as CRISC, CISA, CISSP
Similar Jobs
What We Do
Banco Santander (SAN SM, STD US, BNC LN) is a leading commercial bank, founded in 1857 and headquartered in Spain and one of the largest banks in the world by market capitalization. The group’s activities are consolidated into five global businesses: Retail & Commercial Banking, Digital Consumer Bank, Corporate & Investment Banking (CIB), Wealth Management & Insurance and Payments (PagoNxt and Cards). This operating model allows the bank to better leverage its unique combination of global scale and local leadership. Santander aims to be the best open financial services platform providing services to individuals, SMEs, corporates, financial institutions and governments. The bank’s purpose is to help people and businesses prosper in a simple, personal and fair way. Santander is building a more responsible bank and has made a number of commitments to support this objective, including raising €220 billion in green financing between 2019 and 2030. In the first quarter of 2024, Banco Santander had €1.3 trillion in total funds, 166 million customers, 8,400 branches and 211,000 employees.
