Cyber Exercise Program Lead

State Street-posted 3 months ago
$120,000 - $187,500/Yr
Full-time • Mid Level
Quincy, MA
5,001-10,000 employees
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Cyber Exercise Program Lead will be a member of the Offensive Security team within the Global Cyber Security (GCS) group. The Cyber Exercise Program Lead will develop, execute, and evaluate exercises and workshops that address the priorities established by executive leadership. These exercises provide the organization the opportunity to shape planning, assess and validate capabilities, and address areas for improvement. This person must be comfortable leading their security initiatives across a large, diverse, and complex global financial environment.

  • Develop Cyber Exercise Program procedures that align with State Street Policies and Standards and that leverage U.S. government Homeland Security Exercise and Evaluation Program (HSEEP) guidance.
  • Develop, execute and evaluate approximately multiple cyber workshops and exercises annually to identify opportunities for improvement to the enterprise's security framework.
  • Work with other teams to identify opportunities for improvement and recommend ways to improve security capabilities.
  • Design threat scenarios based on threat intelligence, and State Street's IT systems, procedures and teams.
  • Develop all materials required for exercises and workshops, including: executive requirements memorandum, situational manuals, participant invitations, facilitation materials, after action reports, and remediation plans.
  • Thoroughly document all phases of exercises and workshops, including: scope, plan, findings & recommendations, and remediation plans to satisfy audit requirements.
  • Support the creation of hardening guidance, detection rules, security alerts and other security solutions for addressing opportunities for improvement.
  • Assist with resolution of regulatory findings, and implementation of remediation plans.
  • Developed, executed and evaluated multiple cyber security exercises of varying complexity and scope.
  • Knowledge of relevant frameworks and concepts, including: MITRE ATT&CK & D3FEND, the diamond model, the intelligence cycle, U.S. Department of Defense Joint Exercise Life Cycle (JELC), U.S. Department of Homeland Security Homeland Security Exercise and Evaluation Program (HSEEP), and U.S. Cybersecurity & Infrastructure Security Agency (CISA) Tabletop Exercise Packages (CTEPs).
  • Extensive experience writing defensible exercise documents that withstand audit scrutiny and have driven organizational improvement.
  • Strong organizational, task switching, and prioritizing skills.
  • Ability to work independently and solve challenging problems with stakeholders.
  • Knowledge of common vulnerabilities and exposures (CVE) programs.
  • Attention to detail
  • Collaboration and influencing
  • Working professionally with confidential information
  • Presentation skills, both orally and written
  • Professional approach to communicating complex and contentious ideas and solutions in simple terms to a broad audience.
  • Bachelor's Degree in a relevant subject, including business, information technology, cybersecurity, engineering, and communications.
  • 3+ years of Cyber Event Coordination experience or equivalent
  • 3+ years of developing, executing and evaluating exercises.
  • Experience in a financial services organization.
  • Experience in cybersecurity operations.
  • Training and certification in planning and executing exercises.
  • Advanced Microsoft Office skills.
  • Generous medical care
  • Insurance and savings plans
  • Flexible Work Programs
  • Development programs
  • Educational support
  • Paid volunteer days
  • Matching gift programs
  • Access to employee networks
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service