Perform due diligence assessments within State Street's Third Party Risk Management Program in accordance with current regulatory requirements and risk-based reviews, including new engagements and ongoing monitoring of existing providers.
Ensure quality and timely responses in support of State Street's global internal business units by providing accurate and in-depth due diligence risk assessments of third-parties holding data outside of State Street's controls. The analyst is expected to help evolve the third-party as they partner with the service providers, business unit and core infrastructure teams to determine solutions to identify security issues.
Execute Corporate Information Security Third-Party Vendor Risk Management Program: manage Due Diligence requests across the enterprise and provide remote and in-person reviews of the security program to key service providers.
Assist with initial review of third-party Security Schedules; provide guidance and support to legal, the business units and the vendors.
Enhance education and awareness program to include third party security communications for cyber threat events such as Petya, WannaCry, etc., for internal and external parties.
Conduct compliance and security assessments of various network components of the global infrastructure, identifying gaps to regulatory and compliance requirements relative to ISO 27001/27002, NIST 800-53, FFIEC, Cloud Security Alliance (CSA) and others meeting current regulatory environments globally.
Function as a technical consultant performing vendor risk assessments on information security and privacy controls for State Street's portfolio of third-party service provider population.
Actively help business unit management evaluate and mitigate risks associated with third party vendors, as part of State Street's broader third party risk program.
Act as a knowledge bridge between the business line and Corporate Information Security (CIS) for identified 3rd party risk findings.
Participate in established virtual, cross-discipline team as it moves from decentralized Due Diligence process into a centralized model in order to establish oversight, compliance and legal review, as well as quality control.
Leverage methodologies to ensure enhanced process further aligned with increasing volumes and demands.
Participate in the roundtable review process for global team members to present due diligence findings - ensuring a consistent and high quality deliverable for third-party information security vendor risk assessments. Requirements for State Street and vendors using public and private cloud configurations were developed, documented, added to internal controls manual, security schedules and due diligence assessments.
Ensure management attention to CIS Vendor Risk assessment deliverables. Support, as required, the design and development of an enhanced third party risk program to move from a manual, US-centric model to an automated global model incorporating GRC tool development and design.
Contribute to the development and enhancement of a standard due diligence assessment and framework based upon compliance with industry standards, global regulations and privacy laws for assessing third-party service providers.
Map and perform a gap analysis to ISO 27001/27002, NIST 800-53, FFIEC, Cloud Security Alliance and global privacy laws and regulations.
Demonstrate a commitment to information security by obtaining additional training and staying current with information security technologies and practices.
Applicants must have previous experience in successfully acting as a trusted and influential information security advisor to business management in a large organization.
Bachelor's degree or higher preferred
Minimum 5 years relevant IT experience
Minimum 2 years of information security, compliance or audit experience related to third-party risk preferred
Financial services experience a plus
CISA, CISM, CRISC, CISSP or similar certification required or an agreed upon plan to achieve this certification within 1 year of hire
Ability to courageously influence colleagues at levels