<p>Who we are looking for</p> <p>It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. ETRM is responsible for thought leadership, oversight, monitoring, and advisement around the discovery and remediation of Cyber and Technology Risks across the enterprise.</p> <p>We are looking for a seasoned Cyber and Information Security Risk Leader with more than 15 years of experience in the financial services and/or technology industry. The qualified candidate should be well versed in identifying, assessing, managing and monitoring cyber risks across several domains such as Identity and Access, Information Protection, Threat and Vulnerability Management, Cyber Incident and Response, Application security, Secure configuration, Security architecture and cyber risks related to Third parties.</p> <p>The position interacts with all levels of management and senior level executives in IT viz. CISO, Sr. BISO, Head of Cyber GRC, CTO, CIO, etc. Therefore, exceptional interpersonal and communication skills are required. Candidates must demonstrate strong initiative, be able to perform well under pressure and be capable of managing multiple and diverse assignments.</p> <p>The successful candidate will report into the Global Head of Technology and Cyber Risk, who reports to the Chief Operational and Technology Risk Officer within the Operational Risk Management second line function. They will lead, guide and mentor a team of seasoned ETRM Cyber risk professionals to provide Second Line of Defense (SLoD) oversight, review and challenge on Global Cybersecurity and Global Technology Services First Line Organization.</p> <p>This role will require periodic communication with internal audit and regulators in the financial services domain and therefore, prior experience with regulators is strongly desired. Experience with Technology risk, Resiliency, Cloud Risk Management (AWS, Azure), Enterprise Architecture is a plus.</p> <p>Why this role is important to us</p> <p>ETRM plays an important role in the overall success of the organization and our mission is to establish a world class Technology Risk Management program that aligns business and technology risk to enable effective decision making. The organization is going through a significant transformation, and you will lead key cyber risk assessments on material projects and ensure the identified risks are being prudently managed. This position will also include providing thought leadership and support to both your peers in ETRM and your stakeholders in the business and corporate areas. You will need to periodically participate in meetings with our key regulators and provide support and advice to your stakeholders during regulatory exams and regulatory finding validations.</p> <p>What you will be responsible for</p> <ul> <li> <p>Your mission is to act as the ETRM advisor to the first line of defense (FLOD) on matters relating to the Cyber risk posture of State Street as benchmarked against applicable laws and regulations, rules, standards and best practices. More specifically, you will be:</p> </li><li> <p>Ensuring cyber risks and non-compliance with internal and external standards are proactively identified, prudently managed, and effectively challenged</p> </li><li> <p>Identifying/assessing/controlling/monitoring risks and supporting FLOD in planning/executing controls and additional compensating controls</p> </li><li> <p>Participating in various risk governance forums and executing real time oversight and challenge</p> </li><li> <p>Monitoring cyber risk appetite, reporting breaches, escalating exceptions and challenging risk acceptances</p> </li><li> <p>Providing an independent opinion on FLOD Cyber risk management, recommending appropriate improvements</p> </li><li> <p>Review and challenge the first line cyber controls assurance program and the constituent cyber processes</p> </li><li> <p>Interacting with the Enterprise Process Owners for the Cyber processes and foster deeper and integrated FLOD/SLOD relationships and embedded risk management</p> </li><li> <p>Communicate and drive effective implementation of ETRM risk management policies, framework, tools, guidelines and standards across the business ensuring cyber risks are identified and managed effectively.</p> </li><li> <p>Provide strategic leadership, vision and on-going support to the First line of Defense (FLOD) regarding cybersecurity related best practices and trends</p> </li><li> <p>Advise FLOD in prioritization of risks, risk initiatives, risk mitigation alternatives</p> </li><li> <p>Review and appropriately challenge cyber risk response decisions, directions, and initiatives undertaken by the FLOD providing an independent voice to the risk management process</p> </li><li> <p>Provide support and advice to ETRM and your stakeholders for regulatory exams and regulatory findings</p> </li><li> <p>Collaborate with and support regional (APAC and EMEA ETRM) peers in matters related to cyber and information security risks</p> </li><li> <p>Deliver assigned ETRM annual book of work (risk assessments, continuous monitoring, issues management, reporting etc) through the established risk leads within the team and engaging the ETRM India Service Center of Excellence</p> </li><li> <p>Utilize available Enterprise Risk and Operational risk management tools (NBPRA, MRI, RCSA, KRI's, Incident data, Loss event data) in conjunction with other environmental changes to proactively monitor the control environment and identify and address potential weaknesses and/or gaps in a timely manner</p> </li><li> <p>Keep abreast of new products, services, technologies and applications as well as their respective impact on the organization's risk profile</p> </li><li> <p>Serve as a subject matter expert in cyber risk, controls, compliance, best practices</p> </li></ul> <p>What we value</p> <p>These skills will help you succeed in this role</p> <ul> <li> <p>Collaborative</p> </li><li> <p>Ability to influence, obtain buy in and drive implementation of decisions</p> </li><li> <p>Strategic mindset linking multiple aspects and initiatives to drive a wholistic view of the risk and control environment</p> </li><li> <p>Excellent Communication skills</p> </li><li> <p>Leading and developing a team</p> </li><li> <p>Being an effective mentor and coach</p> </li><li> <p>Ability to be a strong voice for review and challenge while continuing to maintain positive relationships with business stakeholders</p> </li><li> <p>An ability to be a leader within their team, as well as being a leader amongst your peers</p> </li></ul> <p>Education & Preferred Qualifications</p> <ul> <li> <p>Minimum 15 years of experience in the financial, and or technology industries</p> </li><li> <p>This position requires interacting with "C" level suite, so superior communication, interpersonal, negotiation, presentation and intergroup skills are critical for success</p> </li><li> <p>The ability to translate technical issues into risk terms that business can understand is necessary</p> </li><li> <p>Experience with regulatory exams and responses is strongly desired</p> </li><li> <p>Advanced degree or undergraduate degree in technology / cyber disciple or equivalent</p> </li><li> <p>Thought leadership around cyber risks is a must</p> </li><li> <p>Experience in first line, risk management, compliance or audit, including but not limited to experience in design & implementation of control frameworks, penetration testing, cyber incident detection and response, encryption and data protection, EDR, SIEM, SOC</p> </li><li> <p>CISSP or equivalent is appreciated but not mandatory</p> </li><li> <p>Working knowledge of industry and regulatory risk and control standards and frameworks such as FFIEC, DORA, NIST-CSF, 800-53, COBIT, CCM, and MITRE ATTACK is expected</p> </li></ul> <p>Are you the right candidate? Yes!</p> <p>We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don't necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.</p> <p>About State Street</p> <p>What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.</p> <p>Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You'll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.</p> <p>State Street is an equal opportunity and affirmative action employer.</p> <p>Discover more at StateStreet.com/careers</p> <p>Salary Range:</p> <p>$170,000 - $282,500 Annual</p> <p>The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.</p> <p>Job Application Disclosure:</p> <p>It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.</p>