Grc - IT Security Avp

Who we are looking for

State Street’s GlobalCybersecurity (GCS) group plays a key role in the bank’s enterprise third party/vendor risk management function and we are lokking for experienced third party risk analyst tasked with conducting information security risk assessments of critical State Street suppliers.

This role can potentially be performed fully remotely from home within the Canada or United States area.

What you will be responsible for

As GCS TPCRM Analysts you will:

- Collaborate with supplier relationship managers to help document the inherent risks in certain third party relationship and the controls in place to ensure a secure and compliant engagement
- Be responsible for reviewing security controls and/or regulatory compliance measures present at high and critical-rated Third Party Providers utilized by State Street

Ensure quality and timely responses in support of State Street’s global internal business units by providing accurate and in-depth due diligence risk assessments of third-parties holding data outside of State Street’s controls. The analyst is expected to help evolve the third-party as they partner with the service providers, business unit and core infrastructure teams to determine solutions to identify security issues.
- Collaborate with State Street’s Legal and Procurement groups to ensure that contracts with third parties reflect an appropriate level of control for IT/security risks.
- Enhance education and awareness program to include third party security communications for cyber threat events such as Petya, WannaCry, etc., for internal and external parties.
- Conduct compliance and security assessments of various network components of the global infrastructure identifying gaps to regulatory and compliance requirements relative to ISO 27001/27002, NIST 800-53, FFIEC, Cloud Security Alliance (CSA) and others meeting current regulatory environments globally.
- Participate in the roundtable review process for global team members to present due diligence findings - ensuring a consistent and high quality deliverable for third-party information security vendor risk assessments. Requirements for State Street and vendors using public and private cloud configurations were developed, documented, added to internal controls manual, security schedules and due diligence assessments.

What we value

These skills will help you succeed in this role
- 3 to 6 years of prior IT Audit or Information Security experience particularly in a role related to third party risk assessment
- Familiarity in reviewing SSAE16 and other independent reports and a strong knowledge of applicable federal and state privacy/security laws and accreditation standards
- Proven ability to translate complex regulations (ISO SOX NIST UK PRA EU Data Directive HIPAA and PCI etc) into clear easily understood action plans

Education & Preferred Qualifications
- Effective written and oral communication skills
- Strong negotiation skills
- Ability to train others in security concepts
- Ability to synthesize data about to information risks to identify hidden trends and themes and to communicate this information to internal stakeholders
- Industry certification a plus (CISSP CISA or CISM etc)
- Bachelor’s or master’s degree in computer science management information systems business administration or related discipline would be a plus

We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don’t necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

Why this role is important to us

Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We’re driving the company’s digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.

We offer a collaborative environment where technology skills and innovation are valued in a global organization. We’re looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.

Join us if you want to grow your technical skills, solve real problems and make your mark on our industry.

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment se