Sr Associate Information Security

About The Position

Requirements

• Bachelor's Degree or equivalent work experience: Computer Science, Engineering or Information Technology Management, or equivalent field. - Required.
• 9+ Years Experience in IT Security. - Required.
• 9+ Years Working as a Security Architect. - Required.
• 5+ years of experience in cybersecurity architecture within financial services or similarly regulated industries.
• Demonstrated experience operating in a shift-left security model embedded with development and business teams.
• Deep expertise in encryption technologies, including: PKI architecture and governance HSM deployment and management Certificate lifecycle automation Key management systems (KMS) TLS, mTLS, IPSec, and database encryption
• Experience designing secure architectures in cloud environments (AWS mainly).
• Proven experience conducting threat modeling and architecture risk assessments.
• Demonstrated working knowledge of: FFIEC IT Examination Handbook GLBA Safeguards Rule NYDFS 23 NYCRR 500 PCI-DSS NIST Cybersecurity Framework (CSF) NIST SP 800-53 and 800-57 (Cryptographic Key Management) ISO/IEC 27001 and 27002
• Strong risk-based decision-making capability.
• Ability to articulate technical risk in business terms.
• Architectural governance and documentation discipline.
• Cryptographic rigor and operational resilience mindset.
• Cross-functional collaboration across engineering, infrastructure, legal, and risk teams.

Nice To Haves

• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
• Experience in Microsoft Office products.

Responsibilities

• Conduct threat modeling, security design reviews, and lead cybersecurity architecture risk assessments (ISARs).
• Define and maintain enterprise security architecture aligned to business strategy, policies and reference architecture for cloud, hybrid, and on-prem environments
• Embed security controls early in the project lifecycle under a “shift-left” model: Partner with engineering, product, and business teams to translate risk into actionable design requirements.
• Architect and oversee encryption strategies for data at rest, in transit, and in use including PKI, HSM and Certificate lifecycle processes (issuance, rotation, revocation, automation, PKI governance).
• Establish cryptographic key management standards and oversee key custody models.
• Ensure architectural compliance with regulatory and supervisory expectations.
• Support regulatory examinations, audits, and control validation activities.

Benefits

• We know rewards go beyond numbers. Offering more than just a paycheck our benefits are designed to support you, your family and your well-being, now and into the future.
• Santander Benefits - 2026 Santander OnGoing/NH eGuide (foleon.com)