Assistant Vice President - - Boston MA Technology and Information Security Risk Manager Enterprise Technology Risk Management (ETRM) It is an exciting time to join State Street Corporation (SSC) in the Enterprise Risk Management (ERM) organization as member of the Enterprise Technology Risk Management (ETRM) team. State Street is the industry leader in investment management, research & trading and servicing. ETRM is responsible for oversight, monitoring, and advisement around the management of technology risks across the State Street enterprise. State Street is prioritizing the development of highly automated solutions that provide IT professionals, business unit management, and senior leadership with accelerated risk mitigation capabilities and real-time measurement of the enterprise's risk posture - without the inefficiency, inaccuracy, and operational expenses associated with manual, labor-intensive processes. In this role, you will be acting as a trusted and influential liaison as part of our team to State Street's Corporate Information Security (CIS) business for all technology risks. CIS is a business unit within Global Technology Services (GTS) at State Street and is responsible for all of State Street's technology information security. The position is based in Boston area, with limited domestic and international travel expected. General Roles and Responsibilities Your mission is to act as an Enterprise Technology Risk Management liaison to the Corporate Information Security (CIS) Business Unit and First Line of Defense (FLOD) control function on matters relating to the IT risk posture of State Street as benchmarked against applicable laws and regulations, rules, standards and codes of conduct, and best practices.
Evaluating Information and IT Security risks arising from control inefficiencies or lack thereof.
Provide valuable input by supporting the implementation of effective technology risk management by developing and establishing continuous risk Identification, measurement, management and reporting.
Establish and continuously assess a Technology Risk Profile for Information and IT Security through regular status reporting of risk treatment especially on progress and success of risk mitigating initiatives.
Increased transparency and visibility to critical IT risks and advice in prioritization of risk reducing initiatives.
Foundational understanding risk management tools (Material Risk Identification, Risk and Control Self Assessments, Key Risk Indicator Methodology and, Loss Event data)
Good understanding of state of the art IT & Cyber Security and Identity Management products, services and technologies, as well as their respective impact on the organization's risk profile as scale.
Ability to translate technical issues into risk terms that business can understand is absolutely necessary
Good understanding and knowledge of IT infrastructure, systems, processes and emerging technologies such as cloud, converged infrastructure etc.
Minimum 5+ years of experience in the financial, consulting or technology industries
Undergraduate or higher degree in technology preferred.
Experienced technical leader with over 3+ years of working experience in IT infrastructure, application security and risk with specialty in: IT Infrastructure, Security and Information Assurance, Identity and Access Management, Security Reference and Cloud Service Architecture