Mass Fintech Careers

Discover the opportunities across the Mass Fintech Community

Cyber and Technical Resiliency Risk, Assistant Vice President

State Street

IT
Quincy, MA, USA
Posted on Thursday, August 1, 2024

It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. SSC is embarking on a major technology transformation that includes significant technology modernization and adoption, with migration to hybrid cloud premises as a primary goal. ETRM is responsible for risk leadership, oversight, monitoring, and advisement around the technologies, architecture, and operational processes, including Cyber Security and Cloud Technologies. This includes oversight to ensure strong governance and controls are in place and that Cyber Threat Scenarios have associated recovery strategies including technical solutions, robust testing processes, and reporting of risks to appropriate forums and committees.

Position Description

As a representative of the Enterprise Technology Risk Group, you will have risk oversight responsibility in the areas of State Street’s Cyber and Technical Resiliency transformation initiatives, Recovery Management and Testing, and assessment of risks related to Cyber, Data Vault, Scenario Analysis, Testing, Governance, and controls.

What you will be responsible for

  • Proactively identify, assess, and manage Cyber Resiliency and Technology Risks.
  • Provide guidance/advice on remediation to first line and oversee remediation to ensure risk is properly mitigated.
  • Ensure timely registration of Cyber/Technology findings in Corporate Governance Risk and Compliance tool including mapping to risks and controls.
  • Review monthly and quarterly risk assessment reporting (providing risk opinion) including risk appetite, metrics, risk position, maturity, status of programs, findings.
  • Support annual maturity assessment process.
  • Review roll out of new/revised policies, standards, and guidelines.
  • Build partnerships and collaboration with technology areas (Risk and Compliance, Cyber Security, Recovery Management, Corporate Audit, and Operational Risk).
  • Perform risk analysis and aggregation to identify top risks and areas of focus/improvement for prioritization.
  • Track key projects in line with the ETRM Book of Work and OKRs, integrate activities across EMEA/APAC, and with technology areas.
  • Conduct risk assessments, regulatory reviews, remediation validation, technical design reviews, review of test plans and results, and evaluation of new technologies/capabilities in partnership with Global Technology Services.
  • Develop memos, reports, and presentations for various technology and risk committees to highlight ETRM findings and recommendations.

Required Skills

  • Highly motivated, pro-active individual who has demonstrated ability to take initiative, identify issues, propose solutions.
  • Demonstrated experience working with key technology risk frameworks including NIST, FFIEC, CIS Control Library, ITIL, etc.
  • Knowledge of Cyber Resiliency tools, technologies, architecture, and processes needed to mitigate risks to critical business services, technology platforms, and data.
  • Superior communications, negotiation, and meeting facilitation skills
  • Understands importance of cross team collaboration to be able to work with different regions and technology disciplines (including technology PMO) and have finger on pulse of key activities.
  • Ability to influence and advise on remediation design and solutions aimed at mitigating risk to firm.
  • Oversight and assessment of the design and operational effectiveness testing of controls to ensure sustainability.
  • Understanding of technology best practices and trends in areas of Cyber Security, Data Recovery including testing, risk management, Cloud Computing, AI
  • Experience in working across Technology Domains and with the three Lines of defense.
  • Experience in working on Regulatory activities including exams, review of remediation responses, validation exercises, and closure activities.
  • Ability to collect, analyze, and reconcile data across technology repositories and documents to arrive at findings, and to package information for Stakeholders and Senior Management
  • Strong project management (with PMP certification preferred), including ability to drive execution through effective planning, engagement, tracking, prioritization, and escalation of issues.
  • Experienced in Microsoft Tools (emphasis on Excel and PowerPoint for presentations), Sherlock, Box/SharePoint, Archer Issues Management System
  • Minimal travel (less than 5%).

Education and Work Experience

  • Bachelor’s Degree in IT, Cyber Security, or related field.
  • A minimum of 8+ years of experience in Information Technology, Cyber Security, and Risk, along with related financial institution experience.
  • A minimum of 5+ years' experience (Financial Sector) with different technology platforms and architectures including Cyber, Mainframe, Open Systems, Data Vault and immutable solutions, Cloud, Security Monitoring, SaaS, IaaS, Backup and Recovery, Automation/Discovery tools.
  • A minimum of 5+ years' experience in leadership roles with Program/Project Management responsibility.

Salary Range:

$100.000 - $160.000 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.