Cyber Enablement & Transformation Managing Director

About The Position

Requirements

• 15+ years in cybersecurity, technology risk, or security operations; 8+ years leading large programs/portfolios and service delivery at scale.
• Proven experience defining enterprise cyber strategy and driving execution through measurable outcomes.
• Deep familiarity with control and regulatory frameworks (NIST CSF, ISO 27001, FFIEC, OCC, GDPR) and enterprise risk management.
• Hands‑on expertise with security operations processes (incident management, threat detection/response, vulnerability management, identity governance) and ITSM.
• Advanced fluency with metrics and visualization tools (e.g., Tableau or PowerBI dashboards for control health, SLA adherence, MTTR) and executive reporting.
• Exceptional leadership, communication, and stakeholder management skills; ability to influence senior executives and cross‑functional teams.

Nice To Haves

• Drive culture change towards outcomes‑based delivery, transparency, and measurable value; mentor senior leaders and foster a high‑performance organization.
• Partner with Lines of Defense, Audit, Risk, and Technology to close findings, remediate vulnerabilities, and demonstrate sustained control effectiveness.
• Present strategy, status, and risk posture to executive committees and regulators; ensure timely, accurate reporting against commitments.

Responsibilities

• Author and maintain a written “protect the firm” strategy that sets enterprise cyber objectives, risk appetite, controls coverage, operating principles, and multi‑year investment roadmap; ensuring alignment enterprise strategy.
• Integrate regulatory requirements and control frameworks (e.g., FFIEC, OCC, GDPR, NIST CSF, ISO 27001) into strategic objectives and execution plans.
• Lead a portfolio of cyber initiatives using a structured delivery framework (governance, intake, prioritization, benefits tracking).
• Establish rigor for scope, schedule, budget, risk/issue management, dependency tracking, and benefits realization across cyber programs; ensure disciplined execution and accountability.
• Build an operational metric and visualization strategy for cyber operations—defining North Star outcomes, KPIs, leading/lagging indicators, and dashboards (e.g., MTTR, incident SLA adherence, control health, vulnerability posture, identity governance).
• Standardize data sources and measurement methods; publish executive‑ready visualizations and performance reviews tied to risk posture and regulatory commitments.
• Build and run a cyber service desk that manages request intake, case routing, triage, and escalation; integrate with ITSM processes and tooling.
• Stand up exception management (documented risk acceptance/compensating controls) and consequence management processes (playbooks, enforcement actions, remediation tracking) with clear SLAs, approvals, and audit trails; align to incident and response standards.
• Lead transformation and innovation across cyber operations, evolving how teams work (automation, SOAR, AI‑assisted analytics, playbook standardization), optimizing control coverage and resilience, and embedding continuous improvement.

Benefits

• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
• For a full overview, visit https://hrportal.ehr.com/statestreet/Home