IT Risk Governance and Oversight Lead, VP - State Street Global Advisors at State Street in Boston, Massachusetts

Job Description:

Why this role is important to us

The team you will be joining is a part of State Street Global Advisors, one of the biggest asset managers in the world, that provides services to the world's governments, institutions and financial advisors across the globe. With over four decades of experience and trillions of dollars in assets under management, we offer one of the broadest selections of services across asset classes, risk profiles, regions and styles. As pioneers in index, ETF, and ESG investing, we are always inventing new ways to invest.

Join us if making your mark in the asset management industry from day one is a challenge you are up for.

What you will be responsible for

As Cybersecurity Risk Manager, you will

• Monitor operational security posture to ensure Cybersecurity policies, standards, and procedures are instituted, understood, and followed.


• Manage and participate in complex Cybersecurity projects.


• Lead projects that require the implementation of Cybersecurity measures and controls.


• Conduct Cybersecurity reviews and identify security gaps in the technology ecosystem resulting in recommendations for inclusion in the Cybersecurity controls enhancement program and risk mitigation strategy.


• Review and assess the effectiveness of existing Cybersecurity controls (gap analysis) and associated test results to help improve the Cybersecurity posture.


• Conduct risk assessments for transformational projects (such as Cloud migrations), track mitigations efforts, and develop risk metrics and risk reports.


• Review Cybersecurity controls for internal and external vendors as part of third-party risk assessments.


• Develop Cybersecurity KPIs and KRIs and Cybersecurity risk burndowns to support the business requirements and strategy.


• Take part in major Cybersecurity initiatives and projects as well as in reviews of security systems and internal controls under development.


• Identify potential Cybersecurity risks and related issues by applying knowledge of Information Cybersecurity industry trends and present IT environment.


• Identification of ineffective, or lacking internal and external vendor Cybersecurity controls and quantification of risk to SSGA.


• Analysis of technical intelligence data and reporting and identification of Cybersecurity issues related to vendor control environments.


• Conduct compliance assessment with applicable Cybersecurity regulatory obligations as part of Cybersecurity risk assessments.


• Support Cybersecurity process and control owners to implement remediation solutions by providing mentorship on remediation requirements to balance improved effectiveness with the simplicity of the IT control environment.

These skills will help you succeed in this role

• Broad experience in Cybersecurity processes, controls, countermeasures, standards, and methodologies.


• Possess advanced knowledge of cloud security, network and application vulnerability. assessments, pen testing, among other key Cybersecurity processes.


• Possess sound judgment, Cybersecurity risk awareness, and inquisitive personality; ability to think critically and critic event and outcomes professionally.


• Advanced experience with IAM and PAM solutions.


• Experience in security architecture, with a focus on hybrid and multi cloud solutions.


• Strong proficiency and skills with database applications, including Oracle, Cloud applications, Microsoft Office, and other related technologies.


• Strong ability to give attention to detail in addition to organization and project management skills.


• Strong ability to research and gather information from both business and IT functions.


• Strong analytical and critical thinking skills to resolve issues promptly as they occur.


• Strong ability to work collaboratively and cooperatively with all employees irrespective of their status in the organization.


• Strong presentation, verbal, and written communication skills.


• Strong knowledge of the various Cybersecurity standards recognized in the industry, including NIST CSF, NIST RMF, NIST SP 800-53, ISO27001, ISACA, and other security Frameworks and Standards.


• Ability to work independently, manage multiple tasks simultaneously, and adapt quickly to changes.

• Eight plus years of relevant Cybersecurity experience.


• Ten plus years of General IT and Risk experience.


• Experience in Cybersecurity risk assessments and project management.


• Expert skill analyzing and organizing problems or work processes for technical Cybersecurity solutions.


• Expertise in cyber risk management, including the latest trends, tools and techniques.


• Expertise in evaluating cyber security, cyber resiliency and cyber maturity and the ability to develop and implement effective controls and countermeasures.


• Regulatory expertise, with a strong understanding of compliance requirements for the Financial Services industry.


• Strong knowledge of Cyber and Cloud technologies and tools and the ability to assess associated risks, including data driven monitoring or penetration test approaches.


• Experience in Financial Services is highly preferred.


• Experience collaborating with remote offshore teams.


• Experience in developing KRIs and KPIs for Cybersecurity processes.


• Possess bachelor's degree in computer science, Information Systems, or in another related field.


• Certification in the industry, such as the Certified Information Systems Security Professional (CISSP) or the Certified in Risk and Information Systems Control (CRISC), is a plus.

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary in locations, but you may expect generous medical care, insurance and savings plans among other perks. You'll have access to flexible Work Program to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees' diverse backgrounds, experiences and perspective are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome the candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift program and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Discover more at StateStreet.com/careers

Salary Range:
$110,000 - $185,000 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.