TPRM Information Security Finding Management - Assistant Vice President

Job Title

Assistant Vice President – Third Party Risk Management – Findings Management

Role Summary & Role Description

• Provide thought leadership, expert oversight and direction to business stakeholders on the risk assessment and areas of non-compliance
• Collaborate with relevant business function and TPRM risk domain stakeholders to enable effective and efficient risk mitigation
• Develop, maintain, improve and implement operating manuals and standards related to TPRM Findings Management 
• Flexibility in working outside of direct responsibilities to support emerging TPRM program requirement changes.
• Attend the risk assessment closure meetings and review issues and remediation plans related to third-party engagements. Responsible for challenging the findings appropriateness and accuracy and quality of the documentation (e.g. issue criteria, condition, cause, consequence; consistency of the issue rating; residual risk, appropriate risk event description; design of remediation activities, etc)
• Support issue owners in technical understanding of the finding, assess the impact and likelihood, expected remediation actions and accordingly help prepare a management response.
• Reviewing materials in support of issue closure or risk acceptance. Verify that evidence submitted with the closure request adequately supports completion of all remediation plan(s), including evidence of operational implementation. For risk acceptance, confirm approval documentation is complete and accurate in Archer.
• Follow-up with issue owner and internal risk teams to facilitate timely closure/risk acceptance of open issues and periodic reassessment of risk acceptances.
• Prepare risk metrics and executive dashboards for presentation to relevant management and risk committees.
• Regularly assess TPRM Findings Management processes, procedures, tools and technology integrations and drive associated improvements that optimize business outcomes, increase compliance and enhance cross functional insights.

Core/Must have skills

10+ years' experience in security infrastructure and network security control system risk assessment and / or management, utilizing ICS – CERT cybersecurity frameworks and standards such as NIST, ISO, NERC SIP, ISA/IEC.

Key technical skills include knowledge of network security, system administration, risk management, vulnerability assessment, and IT security testing.

Experience of working with stakeholders, third-party vendors, internal teams to address security risk and vulnerabilities.

Good to have skills.

In addition to technical skills, strong non-technical skills such as critical thinking, problem-solving, attention to detail, and communication skills.     

Industry certifications like  CISSP-ISSMP, CISM, CISSP, CISA, CompTIA Network+, CompTIA CYSA, or related cycbersecurity certifications is preferred

Work Schedule

Hybrid

Keywords (If any)

Information security risk, security infrastructure / network security vulnerability issue management, third party cyber risk assessment  

Why this role is important to us

State Street uses third-party vendors to support internal processes and to assist in delivery of products and services to clients.  In order to effectively manage the risks introduced by working with third-party service providers, State Street has a Third-Party Risk Management (TPRM) program for conducting risk assessments and subsequent findings management. The findings management process is often an exercise in project management all on its own and the dedicated TPRM Findings Management team has primary responsibility of this project leading to mitigation of Third-Party risk in collaboration with relevant internal stakeholders.

The successful candidate will demonstrate a strong grasp of multiple risk disciplines and related control expectations pertaining to the financial services industry, particularly in the information security, privacy, resiliency, and compliance risk areas. 

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Discover more at StateStreet.com/careers