Head of Technology, Information Security and Risk, SVP

BOSTON

Applications have closed

State Street

State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.


Role Summary:

The Operational Risk Management (ORM) Department at State Street is responsible for establishing comprehensive and consistent practices to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. The Head of Technology & Information Security Risk Management is a senior executive responsible for leading a team of subject matter experts dedicated to challenging the Enterprise, Infrastructure, Operations and Technology entities across State Street Corporation. The team's mission is to ensure that internal controls are designed to mitigate technology and cyber risks, and that those risks are managed, mitigated and aligned with our risk appetite and in conformance with regulatory obligations.

The role holder will lead a team of senior risk professionals to oversee framework execution in the business to ensure effective identification, measurement, control and management of Technology & Information Security Risk globally. This leader will partner, both directly and through their team, with Global Technology Services as well as embedded Technology Teams across State Street Corporation. As a “critical partner” to the Chief Information Officer and senior business leaders in the First and Second Line of Defense, the incumbent must be skilled at effectively influencing business behaviors and risk culture, highlighting issues and articulating outcomes. The ability to forge strong relationships across a variety of disciplines is vital to the success of this function. Further, staying abreast of key Tech and Cyber trends, actively engaging the industry on the latest and emerging operational risks and authoring white papers will solidify credibility and contribute to best-in-class second line coverage.

The Senior Vice President position sits within the 2nd line of defense and reports to the State Street Global Head of Operational Risk. This leader will drive a risk-aware culture throughout the organization by challenging the status quo and providing objective thought leadership to the Technology organization. As the Head of Technology & Information Security Risk, the role holder will play a critical role in ensuring that State Street can leverage advanced technology capabilities while effectively managing potential risks which arise from the ever-evolving digital landscape.

The role is global in nature and will require excellent communication, negotiation and partnership skills in order to influence a wide variety of stakeholders at the executive level as well as external regulators.

Other Key Responsibilities Include:

  • Leading a second line function that is responsible for executing a holistic, integrated operating model inclusive of performance of technology capability risk assessments, conducting credible challenge activities and ongoing monitoring against industry frameworks (e.g. COBIT, NIST CSF/CRI, etc.) and in compliance with the OCC's Heightened Standards.

  • Developing a detailed understanding of the Technology & Information Security strategy, products and services as well as relevant industry issues, frameworks and emerging risks

  • Partnering with the CIO’s management team to enable risk-informed key business and strategy decisions through their understanding of Technology / Information Security and their role in governance (e.g. as a member or attendee of Technology Risk Committee and Cybersecurity Risk Committees).

  • Providing proactive, insightful analysis and interpretation of technology & information security risks to the First and Second Line based on a thorough technical understanding of the Operational Risk Management Framework (ORMF), robust and relevant knowledge of Technology and Information security risk and a deep and broad external market view on risk theories and current best practice.

  • Perform independent review and credible challenge of the performance of universal key indicators and other metrics in support of the Technology and Cyber Risk Appetite Statements.

  • Represent Second line of defense in various forums including Risk Forums, Safety & Soundness, Risk committees, Regulatory Updates, Internal and External Auditors, etc.

  • Influence and challenge the organization as it implements the Transformation program for Technology Risk.

  • Oversight of the delivery and performance of technology solutions that are distributed globally to ensure appropriate controls are in place prior to deployment with minimal post implementation disruption.

  • Clearly communicate to technology and business managers the impact of control weakness and design control deficiencies on service delivery capabilities

  • Driving initiatives to proactively identify, escalate and solve complex risk and control issues as well as potential conflicts with risk management results and expected outcomes in a timely manner.

  • Supporting the Head of Operational Risk in running and changing the operational risk management program, including providing strategic advice on organizational design, managing regulator engagements, developing budget, defining training strategies and preparing executive level materials and briefings for Senior Management and the Board.

  • Driving execution of remediation plans and regulatory commitments as applicable.

Qualifications:

The ideal candidate will have a minimum of 20 years’ experience in managing Technology & Information Security Risk programs, including an ability to design and execute technical methods of risk identification and measurement in a large, global, complex financial institution. They must have in-depth, detailed knowledge of technology risks and controls, infrastructure, cloud, and emerging Technology Management, Operations, and Information Security practices in the financial industry, especially as it relates to enterprise functions and business sectors.

This individual should have the following experience and skills:

  • Knowledge of full system, software, and security development lifecycle.

  • Extensive risk knowledge including the ability to develop metrics and risk appetite thresholds.

  • Experience with the management and oversight of technology infrastructure components such as Network, servers, databases, and data center design and operations.

  • Knowledge of Information Security and Cyber security controls, technologies, operations, and operational response processes.

  • Knowledge of Cloud security and controls, including secure design patterns and governance

  • Experience with reviewing and evaluating Enterprise technology architecture design and solutions to include reviewing the people, process, and technology components.

  • Knowledge of the risks and underlying controls that support the integration, testing and support of business applications and services

  • Knowledge of working with internal business functions such as Finance, HR, Software development, Shared services

  • Working familiarity with data warehousing and big data environments.

  • Working familiarity with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects, and data quality issues.

  • Strong analytical and problem-solving skills

  • Experience presenting to Executive Committees and other senior forums.

  • Strong leadership, communication, and presentation skills

Additionally, the candidate should have in-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience should include roles at global financial services firms with global technology infrastructure.

Technology Skill set requirements will include capability to manage all aspects of these standards:

  • Technology Architecture components common across the Financial Industry

  • Information Systems Audit and Control Association’s (ISACA) COBIT Standard

  • Information Technology Infrastructure Library (ITIL)

  • ISACA’s Certified in Risk and Information Systems Control (CRISC) Job Practice Domains

  • Master's in a technology-related field preferred.

  • Project management experience is a plus.

Strong Leadership Skills:

  • Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.

  • Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.

  • Strong analytical and problem-solving skills.

  • Strong planning, organization and time management experience; strategically oriented, an innovative thinker, and a demonstrated, decisive decision maker.

  • Collaboratively manage initiatives that span multiple geographic locations and time zones.

  • Navigates organizational complexity; demonstrates organizational acumen.

  • Builds partnerships across functions and regions; collaborates well with others.

  • Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology.

Excellent Communication & Presentation Skills:

  • Advanced proficiency in creating written executive materials and mastery in verbal presentation to Executive audiences.

  • Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.

  • Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.

  • Experienced in using active listening techniques on a consistent basis.

  • Comfortable with public speaking across various forums and able to communicate effectively and logically when ideas are being challenged in an open forum.

  • Comfortable interacting directly with technology executive leadership, including in a high stress environment.

  • Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.

Logistics:

  • The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with stakeholders and colleagues in different regions and time zones.

  • The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.

Other:

  • Demonstrated experience managing complex transformation / remediation programs.

  • Bachelor's / Master's degree in Computer Science, Engineering or related technical field

  • Experience with US regulations as well as a strong working level of knowledge of European and Asia Pacific regulations.

Are you the right candidate? Yes!

We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don’t necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Discover more at StateStreet.com/careers

Salary Range:

$225,000 - $337,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Tags: Analytics Banking Big Data Cloud COBIT Compliance Computer Science CRISC Cyber crime Encryption Finance Governance ISACA ITIL Monitoring NIST Risk assessment Risk management RMF Security strategy Strategy Vendor management

Perks/benefits: Career development Competitive pay Flex hours Health care

Region: North America
Country: United States