Assistant Vice President – IT Security Governance & Risk Management

State Street
Princeton, NJ
$100,000 - $167,500
Hybrid

About The Position

We are seeking an experienced IT Security Governance & Risk Management leader to support enterprise‑wide remediation and compliance initiatives across Alternatives Investment Services (AIS) and Insurance technology platforms. At the AVP level, this role acts as a hands‑on execution lead and escalation point, partnering with application owners, production support, infrastructure teams, and senior leadership to ensure timely remediation of identity, access, vulnerability, and application lifecycle risks in a highly regulated environment. The role requires strong execution discipline, governance maturity, and the ability to drive outcomes across a large, complex application portfolio.

Requirements

  • 7–10+ years of experience in IT risk management, security governance, identity and access management, or regulatory compliance.
  • Proven ability to lead remediation activities across large, complex application portfolios.
  • Strong experience producing executive‑level reporting and communicating technical risk to senior stakeholders.
  • Demonstrated ability to drive accountability, follow‑through, and escalation in matrixed environments.
  • Strong analytical, organizational, and stakeholder‑management skills.

Nice To Haves

  • Experience within financial services, insurance, or other highly regulated industries.
  • Familiarity with identity governance, vulnerability management, MFA programs, and application security controls.
  • Hands‑on experience with enterprise tools such as ServiceNow, identity platforms, SharePoint, and reporting/analytics tools.
  • Prior experience supporting audits, regulatory reviews, or risk committees.

Responsibilities

Identity & Access Risk Management

  • Lead remediation of aged passwords and non‑human/service accounts across a large portfolio of AIS and Insurance applications.
  • Partner with application and production support teams to drive corrective actions including password rotation, account disablement, or decommissioning.
  • Track remediation activity through enterprise change management tools and ensure committed actions are executed on schedule.
  • Validate remediation outcomes using identity and access platforms and ensure evidence is audit‑ready.
  • Maintain centralized tracking, metrics, and reporting for non‑compliant accounts.
  • Escalate repeated non‑compliance and missed timelines to senior management, clearly articulating risk and impact.

Vulnerability & Patch Governance

  • Review weekly vulnerability reports and validate trends, new findings, and remediation progress.
  • Identify carried‑over and at‑risk vulnerabilities and engage application teams to ensure timely resolution.
  • Maintain high‑quality data sets and develop management views to support leadership decision‑making.
  • Produce weekly executive‑level reporting for AIS and Insurance portfolios, including risks, trends, and remediation timelines.
  • Coordinate with infrastructure and security teams to resolve issues and remove blockers.

Multi‑Factor Authentication (MFA) Compliance

  • Track and govern MFA implementation across AIS and Insurance applications.
  • Coordinate with application teams to manage timelines, dependencies, and attestations.
  • Provide clear, concise weekly status reporting to senior leadership.
  • Highlight risks and escalate applications not meeting agreed‑upon milestones.

Policy Violations & Control Exceptions

  • Review periodic policy violation reports related to application security controls.
  • Engage application owners to obtain remediation plans and progress updates.
  • Provide guidance on remediation of common violations and control gaps.
  • Escalate non‑responsive or non‑compliant applications to senior leadership.

Application Risk Remediation

  • Drive remediation of interactive and legacy account risks in collaboration with application owners and support teams.
  • Support teams with remediation approaches to align accounts with non‑interactive access standards.
  • Maintain status tracking and escalate stalled remediation activity where required.

Application Lifecycle Risk & Resilience

  • Ensure applications using end‑of‑life or unsupported components are properly documented in enterprise lifecycle risk repositories.
  • Validate remediation timelines and support application teams with required updates.
  • Escalate applications that fail to maintain accurate lifecycle risk data.

Financial & Delivery Transparency

  • Produce and maintain governance and status reporting for key technology initiatives within AIS and Insurance.
  • Partner with delivery teams to ensure accomplishments, upcoming activities, and risks are accurately captured and communicated.
  • Support audit and regulatory inquiries through consistent, high‑quality reporting.

Benefits

  • Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid time off including vacation, sick leave, short-term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and eligibility for certain tax-advantaged savings plans.
  • For a full overview, visit https://hrportal.ehr.com/statestreet/Home.


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
