Sr. Information Security Officer, Managing Director
Munich, Germany
State Street
State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.State Street Bank International GmbH (‘SSBI’) seeks to recruit a Senior Information Security Officer, Managing Director (Sr. ISO) to improve the overall protection of SSBI, its customers and partners from an evolving and sophisticated threat landscape.
The candidate should have a proven track record in global cyber security and as a risk leader who has experience in delivering on strategic outcomes with business operational quality and a focus on business needs. The candidate should have experience in large scale cyber transformations and execution.
The SSBI Sr. ISO reports to the SSBI Chief Governance Officer and closely cooperates with the SSBI Head of IT and the wider management team. Key stakeholders include:
Information Security Officers
Business and Functional Leaders
Cyber Fusion Center
Cyber Architecture & Security Engineering
First Line Risk and Controls
3LOD Partners
The SSBI Senior Information Security Officer (Sr. ISO) will drive compliance with GCS security controls in their business unit/region/country/functional area which they represent. The Sr. ISO will serve as a trusted and influential information security advisor to senior-level business management in a large organization.
The SSBI Sr. ISO roles and responsibilities are defined under five domain areas with the following objectives and specific responsibilities for each domain:
Information Security program development and management
Objective: Develop and manage the information security program within the business unit to drive compliance with information security supplemental requirements and reduce risk
Identify senior business management and build relationship to ensure effective information security governance is established - strategy with goals and objectives, strategic alignment, roles and responsibilities, performance measurement, outcomes
Understand context of the business unit - internal and external issues, organizational structure, organizational drivers, geography, strategy, legal and regulatory requirements
Develop an information security strategy aligned to the business unit strategy, defining the goal of information security, objectives and the desired state
Develop and maintain an information security policy, associated standards and procedures
Define the activities to be performed within the information security program, and assign ownership
Establish relevant metrics to evaluate the effectiveness of the information security program
Monitor and review information security program, to ensure continual development and improvement
Risk and Incident Management
Objective: Manage information security risk and incident response, from assessment through mitigation of risk, and throughout the entire lifecycle of incident management
Support the business unit in identifying high risk/critical processes and technology, ensuring they are inventoried, ownership is assigned and that regular reviews are carried out
Assess information security risk associated with high risk/critical business processes and technology, and apply information security supplemental requirements to mitigate risk
Integrate information security risk review into lifecycle processes such as Incident Management, ASAP, ISRMP, TPRM, BCP, SDLC, Change and Project management
Attend risk and technology committees. Identifying, documenting and communicating Information Security risks. If risk and technology committees do not exist, work with the business unit to establish forums for discussion
Act as Information Security representative during regulatory and statutory engagements
Review and approve non-standard access for high risk access (e.g. blocked web sites, mass storage, application access, non-standard device and non-expiring passwords, process and system IDs)
Participate in security incident response program representing the business area to detect and respond to incidents in a timely manner. Post incident, provide support to the business to identify control gaps.
Measurement
Objective: Develop metrics for measuring the information security program and related activities
Establish and agree on appropriate reporting with senior management to give a view of the state of information security throughout the business unit
Complete the quarterly ISO maturity assessment to provide a clear understanding of the maturity of the implementation of the ISO framework
Identify failed business controls and provide support on remediation to drive compliance with information security supplemental requirements
Create development plans for all information security resources to ensure continual improvement
Communication
Objective: Establish internal and external communication channels that support information security
Report on potential business impact of proposed new information security supplemental requirements, and of security risks from new business initiatives
Report significant changes in information security risk to appropriate level of management for review on both a periodic and an event driven basis
Provide regular communication on threat intelligence relevant to the business unit, and issue guidance on supporting controls
Report on impact or potential impact of security incidents to senior management
Education
Objective: Maintain up to date knowledge of evolving information security threat landscape and provide information security awareness, training and education to key stakeholders
Design and develop an interactive and engaging program for information security awareness and training, which is relevant to the business unit and encompasses the current threat landscape
Furthermore, the Sr. ISO (MD) is responsible for:
Global collaboration: Collaborate with Global Cyber Security and assigned business partner teams to ensure the business aligns plans addressing security policies and standards are enforced in their products and services
Team management: Create a high performing team and environment that promotes continuous growth opportunities
Education & Preferred Qualifications
The Sr. ISO (MD) should possess the following skills/experience
12+ years of experience in cyber security risk and controls, a security related field or other information risk management function
Experience with communicating with the European Central Bank,
Modern technical aptitude and experience developing and implementing large-scale innovation.
Interaction with governing bodies, i.e. ECB, Bafin, Bundesbank, Prüfungsverband, etc.
Depth with modern technology stacks – n-tier, cryptography, data science, machine learning, cloud (hybrid)
Project Management experience leading large and small technical teams.
Experience operating in regulated environment
CISA, CISM, CISSP or similar certification required or an agreed upon plan to achieve this certification within 1 year of hire
Bachelor’s degree or equivalent in a relevant field
Critical Leadership Capabilities
Driving results
Strategic Thinking
Collaborating & Influencing
Change Management
Senior Executive communication
Personnel Management
Project Management
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CISA CISM CISSP Cloud Compliance Cryptography Governance IDS Incident response Machine Learning Risk management SDLC Security strategy Strategy Threat intelligence
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Analyst jobs
- Open Staff Security Engineer jobs
- Open Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Security Researcher jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Forensics-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs