IT Risk Governance and Oversight Lead, VP - State Street Global Advisors
State Street
- Boston, MA
- $110,000-185,000 per year
- Permanent
- Full-time
- Monitor operational security posture to ensure Cybersecurity policies, standards, and procedures are instituted, understood, and followed.
- Manage and participate in complex Cybersecurity projects.
- Lead projects that require the implementation of Cybersecurity measures and controls.
- Conduct Cybersecurity reviews and identify security gaps in the technology ecosystem resulting in recommendations for inclusion in the Cybersecurity controls enhancement program and risk mitigation strategy.
- Review and assess the effectiveness of existing Cybersecurity controls (gap analysis) and associated test results to help improve the Cybersecurity posture.
- Conduct risk assessments for transformational projects (such as Cloud migrations), track mitigation efforts, and develop risk metrics and risk reports.
- Review Cybersecurity controls for internal and external vendors as part of third-party risk assessments.
- Develop Cybersecurity KPIs and KRIs and Cybersecurity risk burndowns to support the business requirements and strategy.
- Take part in major Cybersecurity initiatives and projects as well as in reviews of security systems and internal controls under development.
- Identify potential Cybersecurity risks and related issues by applying knowledge of Information Cybersecurity industry trends and present IT environment.
- Identification of ineffective or lacking internal and external vendor Cybersecurity controls and quantification of risk to SSGA.
- Analysis of technical intelligence data and reporting and identification of Cybersecurity issues related to vendor control environments.
- Conduct compliance assessment with applicable Cybersecurity regulatory obligations as part of Cybersecurity risk assessments.
- Support Cybersecurity process and control owners to implement remediation solutions by providing mentorship on remediation requirements to balance improved effectiveness with the simplicity of the IT control environment.
- Broad experience in Cybersecurity processes, controls, countermeasures, standards, and methodologies.
- Possess advanced knowledge of cloud security, network and application vulnerability assessments, and pen testing, among other key Cybersecurity processes.
- Possess sound judgment, Cybersecurity risk awareness, and an inquisitive personality; ability to think critically and critique events and outcomes professionally.
- Advanced experience with IAM and PAM solutions.
- Experience in security architecture, with a focus on hybrid and multi-cloud solutions.
- Strong proficiency and skills with database applications, including Oracle, Cloud applications, Microsoft Office, and other related technologies.
- Strong ability to give attention to detail in addition to organization and project management skills.
- Strong ability to research and gather information from both business and IT functions.
- Strong analytical and critical thinking skills to resolve issues promptly as they occur.
- Strong ability to work collaboratively and cooperatively with all employees irrespective of their status in the organization.
- Strong presentation, verbal, and written communication skills.
- Strong knowledge of the various Cybersecurity standards recognized in the industry, including NIST CSF, NIST RMF, NIST SP 800-53, ISO27001, ISACA, and other security Frameworks and Standards.
- Ability to work independently, manage multiple tasks simultaneously, and adapt quickly to changes.
- Eight plus years of relevant Cybersecurity experience.
- Ten plus years of General IT and Risk experience.
- Experience in Cybersecurity risk assessments and project management.
- Expert skill analyzing and organizing problems or work processes for technical Cybersecurity solutions.
- Expertise in cyber risk management, including the latest trends, tools and techniques.
- Expertise in evaluating cyber security, cyber resiliency and cyber maturity and the ability to develop and implement effective controls and countermeasures.
- Regulatory expertise, with a strong understanding of compliance requirements for the Financial Services industry.
- Strong knowledge of Cyber and Cloud technologies and tools and the ability to assess associated risks, including data driven monitoring or penetration test approaches.
- Experience in Financial Services is highly preferred.
- Experience collaborating with remote offshore teams.
- Experience in developing KRIs and KPIs for Cybersecurity processes.
- Possess a bachelor’s degree in Computer Science, Information Systems, or another related field.
- Certification in the industry, such as the Certified Information Systems Security Professional (CISSP) or the Certified in Risk and Information Systems Control (CRISC), is a plus.