About The Position

The Risk Governance team within Global Technology Services has established a Policy and Standards governance function to oversee the GTS policy and standards lifecycle. The Risk Governance team is looking for an experienced VP to lead the team of policy and standards management professionals to ensure effective communication, enforcement monitoring, and ongoing alignment with the firm’s risk appetite.

What we value

These skills will help you succeed in this role

Requirements

  • Significant experience in managing the technology policy / standards office for a large corporate organization
  • Deep understanding of technology standards and associated risk
  • Ability to challenge stakeholders that propose policy / standards change requests that would negatively impact the technology risk position
  • Ability to interact with and communicate professionally with multiple levels of management in multiple regions
  • Excellent verbal and written communication skills, ability to express ideas and understand workflows
  • Strong time management skills, problem-solving and critical thinking skills
  • Prior knowledge of State Street control assessment framework a plus
  • Proven experience with a GRC tool such as Archer
  • Experience in creating process flows, identifying controls, creating management information in PowerPoint decks
  • Must have the ability to operate in a timely manner in a deadline-oriented environment with simultaneous deliverables
  • Must be detail-oriented
  • Experience working in the Financial industry preferred, but not required
  • B.S. or equivalent experience
  • Minimum 5 years of experience working in Information Security or general IT areas related to risk management, internal policies frameworks, controls assurance, compliance programs, cybersecurity and information security regulations, and industry standards
  • Preferably 5 years of prior experience in a policy management team
  • Preference for working towards a professional certification: Certified Information Security Auditor (CISA), Certified Risk & Information Systems Controls (CRISC), etc.

Responsibilities

  • Oversee efforts to consolidate the firm’s technology policies into
  • Lead transformation efforts to restructure policy and standards to align to three master policies (Cybersecurity, Technology, and Data Management)
  • Maintain the mapping of policies and standards to agreed-upon industry best practices (e.g. NIST, COBIT, ITIL, etc.) and align with control objectives
  • Chair periodic Policy and Standards governance councils (for each GTS risk domain) to manage the policy / standards lifecycle (i.e. reviewing / approving proposed policy / standards change requests from business line risk representatives and technology SMEs)
  • Partner with Technology Risk Advisors to understand compliance with GTS policies and standards and establish remediation plans (where appropriate), resolve issues, and ensure adherence to all policies/regulations/guidelines
  • Develop plans to link policies and standards to control objectives in the firm’s strategic policy and standards management tool enabling alignment to the GTS control architecture
  • Partner with the metrics framework team to identify appropriate policy and standards related risk metrics for consumption by operational leadership
  • Assist in monthly reporting on the status and outcomes of policy / standards related activities
  • Reinforce an inherent culture of accountability and ownership for policy / standards lifecycle management within the GTS organization
  • Build strong relationships with subject matter experts and other stakeholders to drive risk excellence
  • Maintain adequate records and evidence of policy / standards management activities


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees
