Technology & Cybersecurity Risk Governance, Assistant Vice President

About The Position

Requirements

• Candidate has experience managing small to medium initiatives
• Candidate has experience with supporting various Security Architectures, Defense in Depth Strategy, Cloud environments (AWS, Azure, GCP, OCI), Cybersecurity tools
• Candidate has strong understanding of control frameworks
• Candidate is able to effectively balance multiple tasks
• Candidate is able to work both collaboratively and independently
• Aptitude for researching and identifying emerging technology risks including learning new and complex environments, processes, and technologies
• Excellent written and spoken communication & collaboration skills
• Self-learning and training to ensure skills and knowledge are in line with responsibilities
• A strong understanding of Technology and Cyber Risk Management to influence leaders on the need to embrace risk reduction initiatives and controls
• Proficient in Microsoft Office suite including data analytics in Excel and/or Access
• Experience with IT GRC platforms (Archer), Splunk, EDR, SIEM, Network Management tools
• Bachelor’s degree in Computer Science/Information Systems, Risk Management or a related field, or equivalent experience
• Candidate has a minimum of 5+ years of experience with IT risk, audit or technology operations

Nice To Haves

• Knowledge of IT frameworks such as NIST, ISO, COBIT, ITIL a plus
• Familiarity in Information Security Frameworks including the ISO 27000 family, NIST, Cloud CCM
• Professional designation a plus (e.g. CISA, CISM, CISSP, CRISC)

Responsibilities

• Technology Risk Acceptance Governance – Monitor and engage first line’s Technology Risk Acceptance submissions and facilitate in the review of these through demonstrable challenge in conjunction with the 2LOD SMEs
• Material Risk Inventory – Facilitate in the coordination of bi-annual MRI capture process for Global Technology Services (GTS); Compile MRI workshop results, execute quality assurance over consolidated results from MRI workshop, and integrate the results into the 2LOD oversight processes.
• Risk and Control Self-Assessment (RCSA) – On an annual basis, engage with first line’s scorecards with risk ratings and rationale as the ETRM coordinator; aggregate and reflect second line SMEs assessments of risk ratings, controls and review associated exposure rationale provided by first line; and generate the second line review/challenge on the technology RCSAs
• Support ETRM with regulatory and audit requests, and assist in the execution of the departmental annual risk coverage plan in conjunction with the respective ETRM leaders
• Communicate the departmental views and reports on various risk matters to the appropriate committees and stakeholders
• Learn new and complex environments, processes, and technologies
• Stay abreast of industry developments including but not limited to changes in regulations
• Coordinate or lead various ad-hoc requests, projects
• Develop overall technology / product / business unit knowledge of State Street Corporation

Benefits

• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
• For a full overview, visit https://hrportal.ehr.com/statestreet/Home