Senior Vulnerability Management & Testing Manager | S4 | Chief Information & Resilience Office | Multiple Locations
Job description
The role will lead the development of a data-driven vulnerability management and scenario testing capability, aligned to Operational Resilience and regulatory expectations.
This is a senior technical leadership role focused on risk analytics, vulnerability intelligence, and scenario modelling, transforming traditional risk practices into a quantitative, evidence-based assurance capability. You will define how vulnerabilities are identified, prioritised, tested, and remediated across complex systems, ensuring full traceability and Board-level visibility.
You will operate as a Line 1 risk SME, leading across vulnerability management, scenario testing, and crisis integration, while influencing senior stakeholders and driving enterprise-wide resilience outcomes.
We're shaping the way we work through innovation, cutting-edge technology, collaboration and the freedom to explore new ideas. To succeed in this role, you will be responsible for:
- Designing and implementing a centralised vulnerability management capability, including a single source of truth for vulnerabilities across systems, services, and third parties.
- Developing risk-based prioritisation models, aligned to impact tolerances (IBS/ITOL) and scenario testing outputs.
- Leading data-driven vulnerability analysis, linking vulnerabilities to service architecture, dependencies, and resilience outcomes.
- Establishing robust remediation tracking, validation, and control effectiveness testing frameworks.
- Designing and delivering advanced scenario testing capability, including severe but plausible scenarios and quantitative impact modelling.
- Integrating incident data, threat intelligence, and vulnerability insights into testing and risk assessment frameworks.
- Producing Board-level MI and reporting, demonstrating exposure trends, resilience uplift, and control effectiveness.
- Acting as a senior risk SME, leading governance forums, influencing stakeholders, and driving compliance with regulatory and internal risk frameworks.
WHAT YOU'LL BRING
Our people are our greatest strength. Every individual contributes unique perspectives that make us stronger as a team and as an organisation. We're enabling teams to go beyond by valuing who they are and empowering what they bring.
The following requirements represent the knowledge, skills, and abilities essential for success in this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Wellbeing that goes beyond work - we work with a range of wellbeing partners across our 4 pillars of wellbeing (physical, mental, social and financial) to give you access to a suite of apps, discounted gym and fitness access, weekly online classes, flexible healthcare and mental health support.
- Support for every life stage - from menopause and pregnancy to parenthood and beyond, with enhanced family leave, childcare options and tailored wellbeing support.
- Time to give back through volunteering opportunities that let you make a difference in the communities we serve.
- Global growth opportunities to shape your career, learn new skills and explore what's possible across our international network.
Ready to be recognised? It starts with you.
LOCAL COMPLIANCE
At Santander, we're proud to be an inclusive organisation that provides equal opportunities for everyone - regardless of age, gender, disability, civil status, race, religion or sexual orientation.
We're committed to creating a recruitment experience that's accessible, fair and welcoming for all candidates.
We want our people to thrive - at work and at home - while delivering the best outcomes for our customers and supporting each other to grow.
To make this possible, our roles are site-based with a hybrid working pattern, where colleagues are expected to attend the office at least 12 days per month (pro-rata for part-time roles).
Requirements
- Extensive experience in operational risk, vulnerability management, or resilience within financial services (Required).
- Proven experience designing and implementing risk frameworks, vulnerability management, or scenario testing capabilities (Required).
- Experience applying data-driven approaches to risk identification, prioritisation, and remediation (Required).
- Experience leading complex cross-functional initiatives across technology, cyber, and business teams (Required).
Education
- Undergraduate degree in Risk, Cybersecurity, Technology, Data, or related field (Preferred).
- Professional certifications in Risk Management, Cybersecurity, or Operational Resilience (Preferred).
Languages
- English (Required).
Hard Skills
- Strong expertise in vulnerability management frameworks, tools, and methodologies (Required).
- Experience with risk modelling, scenario analysis, and quantitative impact assessment (Required).
- Understanding of technology architecture, data flows, and system dependencies (Required).
- Knowledge of operational resilience frameworks (IBS, ITOL) and regulatory expectations (FCA/PRA, BCBS) (Required).
- Experience integrating threat intelligence, incident data, and vulnerability data into analytics frameworks (Required).
- Strong understanding of risk governance, control frameworks (e.g. COSO, SOX), and compliance requirements (Required).
Soft Skills
- Strong strategic thinking and decision-making capability (Required).
- Ability to translate complex risk and technical data into executive insights (Required).
- Excellent stakeholder management and influencing skills at senior level (Required).
- Strong leadership capability with experience building and developing high-performing teams (Required).
- Ability to challenge constructively and drive a proactive risk culture (Required).
Benefits & conditions
At Santander, your contribution matters. We recognise the difference you make every day, and we make sure you feel valued, supported and rewarded in return. Here, recognition goes beyond pay. It's about the pride you feel in your work, the impact you have on customers and communities, and the opportunities you have to grow and thrive - personally and professionally.
- Salary Range: £76,385.00 - £114,577.00 per annum (depending on experience). This salary range represents the expected remuneration for the role. Annual salary is based on a standard 35-hour working week. Actual salary offered will depend on skills, experience, qualifications and location.
- 30 days' holiday plus bank holidays, which increases to 31 days after 5 years' service, with the option to purchase up to 5 contractual days per year.
- £6,000 car allowance per year.
- Company funded individual private medical insurance.
- Protection for you and your family, with company-funded death-in-service benefit and income protection insurance, and the option to take advantage of discounted rates for additional life assurance and critical illness cover.
- Share in Santander's success by saving or investing in our share plans.
- As a Santander UK employee, you are able to request staff versions of our products like our Edge Current Accounts and Credit Cards with no fees, as well as apply to many other deals and discounts in Santander products and services.