Head of AI Security & Data Protection

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or related field; Master’s degree highly preferred.
• Relevant industry certifications (e.g., CISSP, CISM, CDPSE, CIPP/E, CRISC, certifications in cryptography or architecture) are highly desirable.
• Minimum of 15+ years of progressive experience in information security and enterprise architecture, with at least 8-10 years in senior leadership roles within large, complex organizations.
• Extensive experience in data protection, information lifecycle management, and data governance within regulated, global enterprises (banking/financial services preferred).
• Proven experience in developing and implementing enterprise-wide security and architecture strategies and programs.
• Deep technical understanding of data security technologies, architectures, and cryptographic infrastructure, including PQC readiness.
• Experience with cloud security (AWS, Azure, GCP) and securing data in cloud environments.
• Broad expertise in cybersecurity frameworks and industry standards (NIST, COBIT, FFIEC, ISO 27001, etc.).
• Exceptional leadership, communication, and interpersonal skills.
• Ability to translate complex technical concepts into clear, actionable insights for technical and non-technical audiences.
• Strategic thinker with a results-oriented approach and foresight to anticipate future threats.
• Demonstrates the ability to drive organizational change with clear sponsorship, wide adoption, and measurable impact.
• Proactively develops new skills and capabilities beyond current comfort zones.

Responsibilities

• Strategic Leadership · Develop and execute State Street’s global strategy for secure AI and data protection, aligned with business objectives and regulatory requirements.
• Define and steward secure AI architectures and threat modeling frameworks across the enterprise.
• Lead the identification, assessment, and mitigation of risks across enterprise data security, including emerging threats from quantum computing and AI.
• Champion security-by-design principles in all technology initiatives, integrating security into application development, infrastructure, and cloud environments.
• Data Protection & Governance · Develop and execute a comprehensive data protection strategy for customer, supplier, and product data, with actionable controls and measurable outcomes.
• Define, implement, and maintain data protection policies, standards, and procedures, ensuring ongoing compliance and executive sponsorship.
• Maintain deep knowledge of global data protection laws and frameworks (GDPR, CCPA, LGPD, NYDFS, PCI DSS, etc.) and industry standards (NIST, COBIT, ISO 27001).
• Lead architecture, tooling selection, risk assessment, control design, and implementation for data protection and governance solutions.
• Threat Modeling & Defensible Architecture · Establish and mature threat modeling practices for AI, integrating them into architecture and engineering processes.
• Oversee the development and implementation of pilot programs and testing for emerging technology security (e.g., Post-Quantum Cryptography migration, AI model governance).
• AI Security & Emerging Technology · Manage data protection for AI/Generative AI initiatives, including data governance for models, data provenance, and model risk considerations.
• Stay abreast of emerging threats and technologies, proactively enhancing State Street’s security posture in areas such as quantum computing, AI, and cloud security.
• Collaborate with architecture and engineering teams to evaluate and integrate suitable security solutions for emerging technologies.
• Operational Excellence & Program Management · Oversee the design, implementation, and management of data security controls: DLP, data classification, encryption, tokenization, masking, database activity monitoring, and cloud data security posture management.
• Drive controls automation and governance technology initiatives (e.g., Archer, ServiceNow GRC) to streamline risk management, policy enforcement, and audit readiness.
• Integrate GRC with project/portfolio management tools (e.g., Jira, Clarity) for alignment of control requirements and remediation efforts.
• Develop and implement incident response plans and procedures, including considerations for “Harvest Now, Decrypt Later” scenarios.
• Stakeholder Engagement & Advisory · Serve as a trusted advisor to the CISO, executive leadership, and business units on all matters related to enterprise architecture, data protection, and emerging technology security.
• Build strong partnerships with the Chief Data Officer (CDO), Chief Technology Risk Officer (CTRO), Chief Architect, Head of Emerging Technologies and business units to embed security requirements in business processes.
• Represent State Street in industry forums, conferences, and regulatory discussions related to data security and emerging technologies.
• Analytics, Insights & Decision Support · Deliver measurable dashboards and KPIs/KRIs that drive action and provide insights into the effectiveness of security controls and architecture for AI and data programs.
• Synthesize input from diverse stakeholders to develop practical, scalable solutions and recommendations.
• Team Leadership & Development · Build, mentor, and lead high-performing teams of architects, engineers, and analysts, fostering expertise in AI security, data protection, and emerging technology security.
• Drive talent development, succession planning, and cross-functional collaboration.

Benefits

• The opportunity to play a pivotal role in securing a leading global financial institution, addressing one of the most significant emerging cyber threats.
• A challenging and rewarding work environment with significant impact.
• Competitive salary and comprehensive benefits package.
• Opportunities for professional growth and development, particularly in cutting-edge areas like quantum security.
• A collaborative and supportive team culture.
• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.