The Assistant Vice President, Information Security Officer is a first‑line Information Security role providing cyber risk advisory across enterprise infrastructure platforms, with a strong emphasis on security‑by‑design and early engagement (“shift‑left”). This role supports secure and resilient technology outcomes across on‑premises, cloud, and hybrid environments, partnering closely with infrastructure, network, cloud, and platform teams.
This position is designed for a technically curious security professional who wants to learn deeply how large‑scale infrastructure works, is comfortable operating with ambiguity, and can form sound, risk‑based judgments using the information available. Over time, the role provides a clear path to broader enterprise security leadership and senior risk advisory responsibilities.
Key Responsibilities
Cyber Risk Advisory & Early Engagement
- Provide cyber risk advisory support across enterprise infrastructure domains, including compute, storage, identity, cloud platforms, and network / connectivity technologies.
- Engage early with engineering and platform teams to assess designs, material changes, and new initiatives before implementation.
- Translate infrastructure and network security risk into clear, practical guidance aligned to enterprise risk appetite and regulatory expectations.
- Independently assess risk scenarios and make well‑reasoned recommendations, escalating when material risk or uncertainty warrants it.
Infrastructure & Network Security Influence
- Partner with infrastructure, network, and cloud engineering teams to embed security‑by‑design and resilience principles into architectures and delivery models.
- Review architecture diagrams, design documents, and control implementations for security and operational risk.
- Contribute to security considerations around network segmentation, trust boundaries, ingress/egress controls, connectivity patterns, and monitoring approaches.
- Help align infrastructure and network security patterns to enterprise standards, zero trust principles, and regulatory obligations.
Risk Assessment & Control Governance
- Support infrastructure and network security risk assessments, control gap identification, and remediation prioritization.
- Track remediation actions, helping ensure risks are clearly understood, documented, and addressed in a pragmatic manner.
- Assist with exception handling, risk acceptance documentation, and articulation of residual risk posture.
- Contribute to internal audit, regulatory reviews, and governance forums by explaining infrastructure and network risk in business‑relevant terms.
Incident & Threat Support
- Provide advisory support during infrastructure or network‑related cyber incidents, including impact assessment and control improvement identification.
- Partner with SOC, threat, vulnerability, and engineering teams to interpret findings and understand emerging infrastructure‑related risks.
- Participate in lessons‑learned activities to help improve preventative controls upstream.
Background Skills That Differentiate the Role
While this role is intentionally broad and growth‑oriented, experience or interest in the following areas is considered a strong differentiator:
- Enterprise networking and security concepts (routing, switching, firewalls, load balancers, VPNs, DNS, cloud networking)
- Network or perimeter security technologies (e.g., firewalls, IDS/IPS, segmentation, hybrid connectivity)
- Assessing network and infrastructure architecture from a security and resilience perspective
- Public cloud networking and security patterns (AWS and/or Azure)
- Exposure to regulated environments (financial services or similarly complex industries)
Deep hands‑on expertise is not required—a strong learning mindset and the ability to ask the right questions is.
Required Qualifications
- Experience in information security, infrastructure security, or technology risk within a large, complex organization.
- Solid foundational understanding of enterprise infrastructure and associated security risks across on‑prem, cloud, and hybrid environments.
- Demonstrated curiosity and desire to learn, including the ability to ramp quickly on unfamiliar technologies or patterns.
- Proven ability to work independently, manage ambiguity, and make reasoned decisions with incomplete information.
- Strong written and verbal communication skills; able to influence without direct authority.
- Familiarity with industry or regulatory frameworks (e.g., NIST, ISO, DORA, FFIEC) is beneficial but not mandatory.
Role Attributes & Growth Opportunity
- Naturally inquisitive, with a genuine interest in understanding how systems work and how security can be embedded earlier
- Comfortable forming a point of view and constructively challenging design decisions
- Pragmatic, outcome‑focused, and biased toward practical risk reduction rather than theoretical perfection
- Willing to learn from experience and progressively take on broader enterprise risk responsibilities
About State Street
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.
As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers
Read our CEO Statement