Santander Bank, NA Business Information Security Officer-BISO in Boston, Massachusetts

Business Information Security Officer-BISO - 1802981



The BISO functions as the central information security advocate for the assigned business division. They will provide cyber security risk advice and consultation to business partners; enable businesses to effectively manage risk within the company’s risk appetite and meet business objectives. The BISO will facilitate communication and execution of enterprise wide information security programs, deliver enterprise awareness training and promote corporate cyber security awareness activities.

They will support the businesses risk assessment of system applications, third parties and infrastructure and validate that security and technology controls are implemented to support business requirements. In addition, they will coordinate business continuity and disaster recovery plans and lead testing of plans and other scenario based exercises. They will achieve results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types. The BISO will manage the development and/or implementation of significant or Bank-wide Technology Controls / Information Security strategies, policies, programs, tools and provide expert advice and guidance on technical solutions.

They will oversee control and governance activities and identify and assess potential security risks, breaches/ exposures impacting highly complex / high risk businesses or transformational (change the bank) strategic initiatives primarily interfacing with executive and/or functional stakeholders across the Bank. The BISO is accountable for always doing the right thing for customers and colleagues, and ensures that actions and behaviors drive a positive customer experience.


  • Approve elevated access (USB/CD, PC Admin, Level 1, etc.).

  • Coordinate and execute regular review of access for DSAs for LOB, Develop the appropriate LOB security roles for access to Bancorp assets.

  • Approve unique LOB access requests, Manage annual access review for LOB.

  • Coordinate and develop business continuity and disaster recovery plans and lead testing of plans and other scenario based exercises.

  • Lead regular testing of high-risk applications and processes.

  • Lead scenario analysis and testing specific to LOB, Create and manage inventory and control of all repositories that house high risk data (PCI, PII, HIPAA).

  • Develop and manage DLP parameters specific to LOB areas.

  • Drive data protection strategy and initiatives through assigned LOB areas Ensure 100% completion of all required security training for assigned LOB.

  • Lead security-based training that is specific to LOB.

  • Promote corporate cyber security awareness activities and implement security awareness concepts locally, customizing communications to be suitable for the business.

  • Act as point of contact for providing responses to RFP received by LOB from potential customer.

  • Ensure compliance with policy and standards for LOB Marketing areas (communications, websites).

  • Manage security exceptions to contract language during negotiation.

  • Serve as key contributor to LOB NPBA and Change Management process and TPRM.

  • Approve and manage exceptions to policies and standards for assigned LOB area.

  • Assist with the adherence of information security policies, standards and procedures.

  • Advise on deviation control alternatives, such as compensating controls, and assist with standard exception process.

  • Develop security policies/standards/procedures specific to assigned LOB area Drive cyber security specific strategic initiatives through assigned LOB areas.

  • Ensure LOB compliance to IT/Security related policies and standards.

  • Lead issues management activities (audit, Federal Reserve, self-identified, etc.).

  • Work with LOBs to ensure cyber security-related requirements and funds are included in strategic initiatives.



  • Advanced skills with MS-Windows and other related PC applications.

  • Ability to interpret and apply policies and regulations across a large, complex business.

  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams.

  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.

  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions.

  • Possess a working knowledge of the activities within the lines of business; in-depth banking knowledge preferred.

  • Project management experience highly desired.

  • Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security.

Job : Operational & Process Control
Primary Location : Massachusetts-Boston
Schedule : Full-time
Job Posting : May 7, 2018, 1:40:20 PM