Senior Information Security Officer, Vice President

  • Location: London, England, United Kingdom
  • Salary: Not Specified
  • Job Type: Full time

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

Our promise to maintain an environment where every employee feels valued and able to meet their full potential infuses our company values. It’s also part of our commitment to inclusion, development and engagement, and corporate social responsibility. You’ll have tools to help balance your professional and personal life, paid volunteer days, and access to employee networks that help you stay connected to what matters to you. Join us.



Purpose of Role:

A fundamental principle of the Information Security Officer Program is ensuring that all people, processes and technologies comply with CIS Controls. Senior Information Security Officers, Information Security Officers and Information Security Administrators, supporting business unit Senior Management, are tasked with monitoring compliance with these Controls. Senior Information Security Officers, Information Security Officers and Information Security Administrators are critical to a business unit’s enhanced security posture.

Regular interaction with Business Heads, Business and Functional Senior Management and other Control functions.

Major Responsibilities:

Role specifics 

The Senior Information Security Officer (Sr. ISO) will drive compliance with CIS security controls in our business units. Applicants must have previous experience in successfully acting as a trusted and influential information security advisor to senior-level business management in a large organization. The Senior ISO will be responsible for monitoring compliance throughout their assigned business area by engaging in the following:



  • Successfully position themselves as a trusted advisor sought out by senior business line management for advice and guidance on security issues


  • Develop and maintain a strong understanding of the business processes and technologies used in the business line, and the information security controls that must be applied to these processes and technologies


  • Manage information security compliance assessment and remediation of identified business control failures


  • Create and/or participate in processes (such as SDLC tollgate meetings and strategic business planning sessions) to ensure that potential security risks associated with new and existing business processes and IT applications are identified and addressed


  • Help CIS understand the potential business impacts of proposed new controls, and of potential security risks from new business initiatives


  • Actively help business unit management evaluate and mitigate risks associated with third party vendors, as part of State Street’s broader third party risk program


  • Act as a knowledge bridge between the business line and Corporate Information Security (CIS) during monthly reviews of information security controls


  • Develop and maintain among all levels of business line staff a high level of awareness about security issues and control objectives


  • Partner with CIS to develop and deliver actionable security reporting


  • Attend and actively participate in recurring meetings of State Street’s global Information Security Officer network


  • Oversee the work of the business unit Information Security resources (Information Security Officers and Administrators)


  • Participate in security incident response program representing the business area to detect and to respond to incidents in a timely manner


  • Ensure management attention to CIS Vendor Risk assessment deliverables


  • Demonstrate a commitment to information security by obtaining additional training and staying current with information security technologies and practices.


  • Review and approve non-standard access for high risk access (e.g. blocked web sites, mass storage, application access, non-standard device and non-expiring passwords, process and system IDs)

The ability to influence senior business leaders about the need to embrace new security initiatives and controls is key to success in this role. When and if necessary, the Senior ISO will also participate in State Street’s incident management process as an information security subject matter expert and will, on occasion, meet with clients to discuss State Street’s information security program and capabilities. The Sr. ISO must possess the following skills/experience:

Individual Contributor



  • Display a culture of individual ownership of tasks to embed a clear individual sense of accountability in performing the role


  • Ensure that the highest level of the Code of Conduct is displayed in your behaviour


  • Provide appropriate management information as required to support business unit decision making


  • Support the ‘Risk Excellence’ culture within the business


  • Adhere to limits of delegation and escalation procedures required by your manager so that you comply with internal policies and external regulations



Qualifications:

Level of Education

Strong information security program management/leadership experience

Business concepts including financial, business requirements, compliance and risk management

Financial services experience a plus

Required Competencies



  • Ability to courageously influence colleagues at levels


  • Strong written and oral communication skills


  • Strong presentation skills

Professional organisation membership / certification



  • CISA, CISM, CISSP or similar certification required or an agreed upon plan to achieve this certification within 1 year of hire