SCUK Senior IT Risk & Governance Analyst

at  Santander

SCUK Senior IT Risk & Governance Analyst
Country: United Kingdom
Santander Consumer Finance UK (SCUK) is based in Redhill, Surrey and provides motor finance to a network of dealerships throughout the United Kingdom.
An exciting opportunity has arisen to join our IT team as a Senior IT Risk & Governance Analyst. This is a key role to support the eCISO, IT Risk & Governance Manager and be a trusted partner and advisor to key stakeholders regarding governance, controls, cyber, information security, and IT risk.

RESPONSIBILITIES WILL INCLUDE:

• Manage IT & Cyber Risk portfolio and drive continuous improvements and help shape procedures with a focus on improving working practices and reducing risk
• Partnering with 2LoD to manage expectations and improve on data quality results
• Managing risk impacts and ensure mitigations are in place and regularly assessed
• Produce reports for relevant SCUK business stakeholders to have the appropriate visibility of core tasks
• Deal with or escalate any identified risks in relation to Santander Consumer risk policies and/or legislative and regulatory guidelines in accordance with the Santander UK group risk framework
• Manage and report KRI information for IT to promote effective monitoring
• Ensure that KRI are aligned with the requirements of HQ in Spain and that adequate action plans are in place for those that are out of appetite
• Provide assurance on existing IT Risk and controls in line with internal requirements
• Ensure that the IT leadership Team (ITLT) have effective standards, policies, processes and procedures suitable for the SCUK business. Ensure these are regularly reviewed, approved and stored in a central repository for ease of reference and consumption and that all staff have been appropriately trained in their use
• Plan and manage the embedding of a capability and maturity culture to drive continuous improvement across the IT department
• Working with Internal and External audit team to review evidence and track remediation of identified issues
• Manage logging of risk events, identify patterns of failures or gaps in risk events and ensure there is remediation plan that is tracked to completion
• Plan and manage local Ethical Phishing campaigns and ensure the results (or both local and Group) campaigns are followed up on, shared and reported to the relevant people in line with SCUK consequence management process. Develop and implement any required action plans to address identified issues
• Design, plan and publish relevant and up to date cyber awareness articles on SCUK local intranet ensuring alignment with SanUK
• Create an ongoing plan to execute cyber awareness training for all new starters and for those who need a refresher. Keep a register of those who have participated and follow-up on those who do not attend
• Assist the eCISO, IT Risk & Governance Manager in producing the monthly reporting for all the relevant committees and forums
• Adhering to our commitment to Consumer Duty ensuring we put our Customers’ needs first and set higher and clearer standards of consumer protection