TPRM Information Security Finding Management - Assistant Vice President
State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.
Assistant Vice President – Third Party Risk Management – Findings Management
Role Summary & Role Description
- Provide thought leadership, expert oversight and direction to business stakeholders on the risk assessment and areas of non-compliance
- Collaborate with relevant business function and TPRM risk domain stakeholders to enable effective and efficient risk mitigation
- Develop, maintain, improve and implement operating manuals and standards related to TPRM Findings Management
- Flexibility in working outside of direct responsibilities to support emerging TPRM program requirement changes.
- Attend the risk assessment closure meetings and review issues and remediation plans related to third-party engagements. Responsible for challenging the findings' appropriateness and accuracy and the quality of the documentation (e.g. issue criteria, condition, cause, consequence; consistency of the issue rating; residual risk; appropriate risk event description; design of remediation activities, etc.)
- Support issue owners in technical understanding of the finding, assess the impact and likelihood, expected remediation actions and accordingly help prepare a management response.
- Review materials in support of issue closure or risk acceptance. Verify that evidence submitted with the closure request adequately supports completion of all remediation plan(s), including evidence of operational implementation. For risk acceptance, confirm approval documentation is complete and accurate in Archer.
- Follow-up with issue owner and internal risk teams to facilitate timely closure/risk acceptance of open issues and periodic reassessment of risk acceptances.
- Prepare risk metrics and executive dashboards for presentation to relevant management and risk committees.
- Regularly assess TPRM Findings Management processes, procedures, tools and technology integrations and drive associated improvements that optimize business outcomes, increase compliance and enhance cross functional insights.
Core/Must have skills
10+ years' experience in security infrastructure and network security control system risk assessment and / or management, utilizing ICS – CERT cybersecurity frameworks and standards such as NIST, ISO, NERC SIP, ISA/IEC.
Key technical skills include knowledge of network security, system administration, risk management, vulnerability assessment, and IT security testing.
Experience of working with stakeholders, third-party vendors, internal teams to address security risk and vulnerabilities.
Good to have skills.
In addition to technical skills, strong non-technical skills such as critical thinking, problem-solving, attention to detail, and communication skills.
Industry certifications like CISSP-ISSMP, CISM, CISSP, CISA, CompTIA Network+, CompTIA CYSA, or related cybersecurity certifications are preferred.
Keywords (If any)
Information security risk, security infrastructure / network security vulnerability issue management, third party cyber risk assessment
Why this role is important to us
State Street uses third-party vendors to support internal processes and to assist in delivery of products and services to clients. In order to effectively manage the risks introduced by working with third-party service providers, State Street has a Third-Party Risk Management (TPRM) program for conducting risk assessments and subsequent findings management. The findings management process is often an exercise in project management all on its own and the dedicated TPRM Findings Management team has primary responsibility of this project leading to mitigation of Third-Party risk in collaboration with relevant internal stakeholders.
The successful candidate will demonstrate a strong grasp of multiple risk disciplines and related control expectations pertaining to the financial services industry, particularly in the information security, privacy, resiliency, and compliance risk areas.
About State Street
What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.
Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.
Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.
State Street is an equal opportunity and affirmative action employer.
Discover more at StateStreet.com/careers