State Street seeks to recruit a Cyber Governance, Risk & Compliance (GRC) leader to enable the transformation to a business-enabling governance, risk and compliance team that drives towards clear, informed, risk-based decisions by the business and a trust center model to facilitate transparency and customer trust, while still meeting stringent regulatory requirements to protect State Street, its customers, partners and employees.
This candidate should be a proven global GRC leader who has experience in delivering outcomes with operational excellence and a focus on the customer and business needs. The candidate should have experience in large-scale cyber transformations, as well as company digital transformations. Talent acquisition and development are a critical component to ensure the success of this organization, and therefore this leader should be a teacher and mentor with experience in identifying, creating and retaining high-potential and high-performance teams.
This leader will have a broad range of responsibilities within the cyber team and will be responsible for the strategy and implementation of the new GRC function. Specifically, this leader will have responsibility for Cyber GRC and the key underlying capabilities, including but not limited to:
Participate as a member of the security leadership team in establishing the strategy, direction and controls to ensure that objectives are achieved, risks are managed appropriately and the organization’s resources are used responsibly.
Provide security thought leadership across the organization.
Develop and implement risk management assessments and strategies in collaboration with Enterprise Technology Risk Management
Direct all security compliance programs across the organization, and partner with Business Controls function
Develop and manage security policies, procedures, controls, recommendations and standards to ensure compliance with applicable security laws, regulations, and privacy legislation as appropriate
Alignment with the rest of the GTS and business functions
Reports to: EVP & CISO
Other key relationships:
SVP – Cyber Architecture and Engineering
SVP – Cyber Fusion
GTS CTO & CTO organization
Collaboration with 3LOD – Compliance, Risk Management, Corporate Audit
Key Responsibilities
Drive the cyber GRC strategy for State Street to create an industry leading capability to appropriately govern and manage cyber risk
Translate the GRC strategy into an executable, timebound roadmap for delivery and define the appropriate organization design and interaction points with other functions
Collaborate with Cyber Architecture and Engineering to ensure the appropriate standards are available to support the corporate policies
Build out and retain critical cyber talent, along with the necessary supporting pipeline
Ensure existing obligations to the business and regulators are met within the specified timelines
Create visibility through effective metrics and reporting
Manage and make appropriate changes to the product assurance (secure development lifecycle (SDL)) program and ensure the program is implemented enterprise-wide to support application/product assurance
Influence and work with all Lines of Business for the Product Assurance and GRC functions.
Provide feedback and thought leadership to the SSTB program across the organization
Desired Outcomes
Delivery of a cyber GRC function that enables State Street to have a world-class capability to effectively address the increasingly complex and rapidly evolving security needs of the Bank
Delivery of integrated capabilities across various sub-disciplines within the GRC organization, Cyber, and Global Technology Services
Strong partnership with 3 lines of defense
Integrated & optimized governance program that works collaboratively with Lines of Business to ensure secure solutions and delivery
Formation of Trust Center model to enable strong customer trust
Build a team across the appropriate security domains with a deep bench of talent, succession plans, and a cohesive culture of operational excellence, accountability and a passion for learning.
Ideal Experience
15+ years of managerial experience in information security, a security related field or other complex information risk management function
Cyber related Governance, Risk & Compliance experience to cover both IT and Product (customer delivery)
Has led teams in excess of 200 – FTE and contractors/outsourcers