MD, Head of Cybersecurity Control Assurance
Who we are looking for
State Street Controls Testing and Monitoring Program is to provide agile and targeted cybersecurity controls assurance in response to identified threats and risks to the enterprise in alignment with industry leading frameworks (e.g., NIST CSF, NIST 800-30). The Program enables the operationalization of prioritized cybersecurity control testing and remediation requirements, to ensure residual risk is in alignment with risk appetite. This candidate will be responsible to run this program within the Global Cybersecurity team and lead a cross functional team responsible to assess risks and controls that are required to manage Cybersecurity risks across State Street. As a member of the Governance, Risk & Compliance team, this member will be responsible for planning, overseeing and sustaining an ongoing risk and control assurance program that aligns with State Street risk framework and also informs decision making by Executive Management.
The person in this role will demonstrate deep knowledge of current industry methods for evaluating, implementing, and distributing information technology (IT) security assessments, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. Additionally, the person in this role will demonstrate knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data and will possess skills used to determine how a security system should work, including its resilience and dependability capabilities, and how changes in conditions, operations, or the environment will affect these outcomes What you will be responsible for:
As Head of Global Cybersecurity Risk and Control Assurance you will
What we value
- Lead efforts to successfully deliver on Cybersecurity Risk and Control Assessment initiatives through close collaboration with Global Cybersecurity Senior Management and other stakeholders
- Re-enforce an inherent culture of accountability and ownership for implementation and execution of controls across all levels and functions within the Global Cybersecurity organization
- Implement and maintain the Global Cybersecurity risk assessment frameworks that supports the threat models
- Implement and maintain Global Cybersecurity control assurance program that validates and reports on the adequacy and effectiveness of controls in alignment with Statestreet control framework
- Oversee a cross cultural team of experts in assessing risk and controls, manage their execution, delegation of activities, training and career development.
- Continuously assess and propose opportunities to enhance risk management processes and controls improvement, and provide guidance to business on design and application of key controls, procedures and best practices.
- Escalate risks and issues to Executive management
These skills will help you succeed in this role
Education & Preferred Qualifications
- Independent, strategic thinker with an ability to operate with a global mindset and establish a long term vision in managing Cybersecurity and Information technology risks.
- Deep knowledge and comprehensive understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
- Demonstrated knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk and in may of the following cyber risk domains: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Network Security Operations, Security Architectures, Identity Management,Disaster Recovery & Business Continuity, Incident Response, P,rivacy and Data Protection, Encrytion
- 15 + years Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
- Excellent verbal and written communication skills
- Ability to communicate strongly with team members and senior management.
- Thrives working within a fast-paced environment
- Bachelor's degree and certifications in any 1 or more as below is required:
- Certified Information Security Auditor (CISA), Certified Risk & Information Systems Controls (CRISC) or Certified Information Security Manager (CISM) certification preferred or similar Information Security experience.
Occasional travel within and outside US will be required ( Why this role is important to us
Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We're driving the company's digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.
We offer a collaborative environment where technology skills and innovation are valued in a global organization. We're looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.
Join us if you want to grow your technical skills, solve real problems and make your mark on our industry. About State Street What we do.
State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients. Work, Live and Grow.
We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary in locations, but you may expect generous medical care, insurance and savings plans among other perks. You'll have access to flexible Work Program to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential. Inclusion, Diversity and Social Responsibility.
We truly believe our employees' diverse backgrounds, experiences and perspective are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome the candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift program and access to employee networks that help you stay connected to what matters to you.
State Street is an equal opportunity and affirmative action employer.
Discover more at StateStreet.com/careers