Principal Information Security Consultant at Westpac focusing on security protocols and employee benefits for staff. Hybrid role centrally located with opportunities for professional development and employee perks.
About the role
- Associate, Information Security professional at Santander focusing on Vulnerability Management and network security exposure. Collaborating with teams to enhance security posture and manage technology risks.
Responsibilities
- Protect the Company, customers, and employees by identifying and mitigating technology threats to Santander
- Support and strengthen Santander’s vulnerability management program through scanning, analysis, prioritization, and remediation tracking
- Help identify security risks, configuration gaps, and control weaknesses across infrastructure, applications, and cloud services
- Partner with technology and business teams to drive timely remediation and improve security posture
- Gain exposure to regulatory expectations and enterprise security operations
- Build a strong foundation in cyber risk management, with optional growth into network security disciplines
- Create vulnerability scanning schedules and perform scans on a periodic and ad hoc basis to identify vulnerabilities
- Conduct vulnerability assessments on IT infrastructure, applications, and related information assets
- Support the operation and governance of the vulnerability management lifecycle
- Analyze and prioritize vulnerabilities using the Common Vulnerability Scoring System (CVSS), threat intelligence, exploitability, and business context
- Identify gaps and risks and drive remediation through closure within established timeframes
- Partner with infrastructure, application, cloud, and business teams to validate findings and support remediation planning
- Track remediation progress, escalate aging issues, and support risk acceptance processes when needed
- Establish, track, and report key vulnerability management metrics (e.g., scan coverage, SLA adherence, critical vulnerability aging)
- Participate in change request reviews assessing security risk and recommend solutions
- Perform risk assessments and/or control gap analysis against Information Security Policies and Standards
- Collaborate with technology teams to advise on secure implementation of solutions across the Santander environment
- Provide security input during solution design and change activities, ensuring controls are embedded early in the delivery lifecycle
- Translate information security requirements into practical, business-aligned guidance for partner teams
- Support automation of repetitive security and audit-related tasks using scripting tools and prompt engineering techniques
- Implement book-of-work projects and initiatives within scope, on time, and within budget
- Establish and maintain appropriate governance forums and escalation paths
- Manage and monitor technology, audit, and regulatory risk through governance, oversight, reporting, and training initiatives
- Partner with examiners and auditors on technology examinations, gathering information and responding to findings
Requirements
- Bachelor's Degree or equivalent work experience: Computer Science or equivalent field
- 5+ Years Experience in information security, governance, IT audit, or risk management
- 5+ Years SAS experience
- Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, DORA, SOX, NYS DFS)
- Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.)
- Working knowledge of security systems or tools such as Qualys, AlgoSec, Microsoft SCCM, Ansible, Red Hat Satellite, ServiceNow (SNOW), CMDB, etc.
- Proven ability to work in a team environment.
- Possess the ability to perform under pressure in a challenging environment.
- A hunger to learn and take on challenging opportunities, contributing to the success of the information security team.
- Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
- Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
- Certifications: CompTIA Security+, CompTIA Network+, CISSP
Benefits
- Competitive rewards package
- Support for you, your family, and your well-being
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Engineer supporting secure development lifecycle processes for product lines in the energy sector. Collaborating with R&D on security requirements and compliance audits.
Automation Oversight Engineer providing oversight of compliance in automated device configurations for Comcast Business. Managing configuration checks and reporting, ensuring reliable oversight and improvement strategies.
Principal Systems Engineer - Cybersecurity role in protecting our nation's products as part of Integrated Platform Solutions team. Develop solutions utilizing RMF, Anti - Tamper, Software Assurance, and more.
Agent de Sécurité assurant la sécurité des usagers du réseau de transport TBM. Rattaché au Manager de Proximité Sûreté, garantissant la qualité de service public de transport en commun.
Web and Remote Access Security Engineer managing secure remote connectivity solutions. Collaborating across security and networking domains to enable reliable access for global workforce.
Security Officer protecting patients, visitors, and staff at Shriners Hospital for Children in Sacramento. Engaging in various responsibilities related to safety and security on hospital property.
Senior IT Security Administrator supporting IT security operations at Uline. Collaborating with teams to develop security procedures and manage risks effectively.
Security Technician at Presbyterian Healthcare Services ensuring safety through patrols, incident response, and emergency preparedness. Responsibilities include monitoring risks and documenting activities efficiently.
Product Security Engineer at Junglee Games ensuring security is integrated into each stage of the software development lifecycle. Collaborate across teams and harden the security of products and platforms.