hero

Mass Fintech Careers

Discover the opportunities across the Mass Fintech Community

Head of Cybersecurity Governance, Regulatory Compliance and Issues Management.

State Street

State Street

Legal
Quincy, MA, USA
Posted on Nov 30, 2024

We are seeking a senior leader to serve as the Head of Cybersecurity Governance, Regulatory Compliance, and Issues Management, a critical role in ensuring the organizations cybersecurity program operates with transparency, accountability and alignment with regulatory and business priorities.

The role is responsible for overseeing the development and implementation of robust governance frameworks, ensuring compliance with cybersecurity regulations and standards, and managing the lifecycle of issues and risks that impact the organizations risk and security posture.

The ideal candidate will have a proven track record in cybersecurity governance, regulatory adherence and risk management, coupled with exceptional leadership and communication skills.

About the Cybersecurity GRC Team

The Governance Risk & Compliance team is an exciting and growing area of cybersecurity with unique insight into the whole spectrum of our cybersecurity activity at State Street.

The function ensures that State Street aligns with business objectives, regulatory requirements and risk tolerance. It operates through three core pillars; Governance, Risk and Compliance supported by ongoing monitoring , reporting and improvement.

As a member of the Cybersecurity GRC Team, you will have a significant opportunity in making a difference on the team, within the cybersecurity organization, as well as State Street overall.


What you will be responsible for

Governance and Oversight

  • Defining and maintaining the organizations cybersecurity governance framework, ensuring alignment with business objectives and risk tolerance.
  • Leading the development of cybersecurity policies, standards and procedures ensuring consistency across all subs and affiliates.
  • Overseeing the cybersecurity stakeholder management plan, driving decision making ,tracking accountability and fostering stakeholder management

Regulatory Compliance

  • Ensuring compliance with all applicable cybersecurity regulations, standards and frameworks (e.g. GDPR, CCPA, PCI DSS, NIST, ISO 27001)
  • Serving as the primary liaison with the regulatory management and compliance functions, ETRM and Corporate Audit on matters of cybersecurity compliance.
  • Maintaining a comprehensive understanding of evolving regulatory landscapes and proactively adapting policies, standards and controls to meet new requirements

Issues and Risk Management

  • Establishing and overseeing a centralized cybersecurity issues management program, tracking and resolving issues related to risks, audits and compliance.
  • Working across other functions to identify, assess prioritize and close cybersecurity issues.
  • Develop processes to escalate critical issues ensure timely resolution in accordance with the Issues Management Standard.
  • Provide regular reporting and actionable insights to the GCS Leadership team on issue and remediation progress.

What we value

  • A strategic thinker who can drive alignment across diverse stakeholders while maintaining clear focus on organizational objectives
  • A subject matter expert who understands the complexities of cybersecurity regulations and standards and can translate them into actionable strategies.
  • A leader who anticipates challenges, navigates complex issues and drives effective resolutions.
  • An advocate for clear communications and robust reporting that builds trust with the team and stakeholders.

Preferred Qualifications

  • 10+ Years of experience in cybersecurity, with significant exposure to governance, compliance and risk management
  • Deep knowledge of cybersecurity regulations, standards and frameworks (e.g., NIST, CSF etc.)
  • Demonstrated expertise in managing governance structures, regulatory compliance efforts and issue tracking systems such as Archer.
  • Proven leadership experience with the ability to build and manage high performing teams.
  • Relevant certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.

About State Street

What we do.

State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Salary Range:

$175,000 - $287,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line