Enterprise Technology Risk (State Street Bank and Trust Company; Boston, MA): identify, analyze, measure, report and manage risks at the corporate level and in partnership with the business units in support of their activities. The position acts as a trusted and influential advisor to State Street's business "C" level engagement. Specific duties include: Define and execute Crown Jewels strategy for the firm; solicit input from business EVPs, CIOs and their direct reports, control group owner leads, and head the discussion and vision in scope to include applications, infrastructure, data and process; define minimum set of controls with requirements from various stakeholders encompassing drivers such as: regulatory, privacy, information security, business continuity, and change management; develop a plan, aligned with corporate Enterprise Technology Risk strategy, accounting for the Enterprise IT business environment, regulatory landscape, technology direction, client base and business strategy; mastering funding and resource allocation to risk programs with focus on crown jewels and manage multiple streams of work in business and IT functional areas such as but not limited to business continuity, cybersecurity, information security, change management/service assurance as well as IT architecture to ensure protection of crown jewels; lead Enterprise Technology Risk India team; identifying, interviewing, on-boarding, training and ensure ramp up for new hires in India; ensuring appropriate work assignments, day to day management, productivity and building an esprit de corps for ETRM India and global ETRM team; providing leadership and mentoring, tracking quality of deliverables and status reporting; serve as Second line of defense (SLoD) for the global continuity services (GCS) program office; provide oversight, review and challenge, SLoD capabilities over the GCS program; provide guidance on appropriate key risk indicators (KRIs), key process indicators (KPIs) and other risk metrics that provide health check; support in developing continuity risk appetite; assist GCS in championing and increasing the scope and remit with executive leadership as appropriate; drive proactive identification of risks, prudent management and appropriate application of risk treatment; drive effective implementation and communication of all Technology risk management policies and guidelines conducting and coordinating periodic Technology risk management training, providing ongoing guidance and direction regarding the development, implementing Technology Risk Management plans and objectives, providing ongoing assessment of the Technology Risk Profile through regular status reporting of risk issues and initiatives and developing effective Technology risk reporting and other communication channels to ensure timely escalation of significant risk issues; serve as a subject matter expert in technology risk, controls, compliance, and information security best practices and assist the business, IT and FloD in developing risk identification and assessment methodologies, prioritization of risks and risk initiatives, risk mitigation alternatives; challenging technology risk decisions, direction, and initiatives to provide an independent voice to the risk management process; proactively monitor the technology control environment by utilizing enterprise risk management tools (NBPRA, MRI, RCSA, KRI's, Loss event data) in conjunction with other environmental changes and identifying and addressing potential weaknesses and/or gaps in a timely manner; participating in due diligence efforts for new clients, vendors and M&A activity, as needed; and serve as a liaison with other risk disciplines, internal departments, regulators and other external parties.
Minimum requirements are: Bachelor's degree in Computer Science, Information Technology, or a related field; and 10 years' experience working in technology within the financial services industry.
Must have: Proven superior communication, interpersonal, negotiation, presentation and intergroup skills; demonstrated deep understanding of financial business process flows and applications especially with respect to payments, custody, NAV pricing, and funds transfer; demonstrated strong expertise in IT Risk framework development and implementation (e.g., ISACA-RISKIT, NIST-800, FAIR); proven ability to translate technical issues into risk terms that business can understand is absolutely necessary; demonstrated experience rolling out a technology risk program either as a First Line of Defense (FloD) or Second Line of Defense (SLoD) necessary to provide appropriate guidance and advice to IT and FloD; thought leadership around technology risks a must; proven ability to be a strong voice for review and challenge while continuing to maintain positive relationships with business stakeholders; excellent understanding and knowledge of IT infrastructure, systems, processes and emerging technologies (e.g., cloud, converged infrastructure); demonstrated strong understanding of IT controls around cybersecurity, information security, business continuity, architecture, platforms; demonstrated strong understanding of critical processes such as change management, identity & access management; proven ability to leverage expertise to challenge IT on efficacy and appropriateness of controls for crown jewels; demonstrated superior people management skills, flexibility in work hours to support and manage employees in global time zones; and demonstrated excellent data analytical skills including ability to independently integrate disparate data sources, analyze and draw deep insights, communicate those insights effectively, and present to "C" level suite. (Unless otherwise specified, State Street is seeking the ability in the skills listed above with no specific amount of years of experience required. All experience can be gained concurrently).
Apply online at statestreet.com/careers. State Street Job ID: R-644406. An EOE.