State Street

Risk Governance Policy and Standards Vice President:

Princeton, New Jersey Full time

The Risk Governance team within Global Technology Services has established a Policy and Standards governance function to oversee the GTS policy and standards lifecycle.  The Risk Governance team is looking for an experienced VP to lead the team of policy and standards management professionals to ensure effective communication, enforcement monitoring, and ongoing alignment with the firm’s risk appetite.

What you will be responsible for

As the Risk Governance Policy and Standards Vice President:

  • Oversee efforts to consolidate the firm’s technology policies into
  • Lead transformation efforts to restructure policy and standards to align to three master policies (Cybersecurity, Technology, and Data Management).
  • Maintain the mapping of policies and standards to agreed-upon industry best practices (e.g. NIST, COBIT, ITIL, etc.) and align with control objectives.
  • Chair periodic Policy and Standards governance councils (for each GTS risk domain) to manage the policy / standards lifecycle (i.e. reviewing / approving proposed policy / standards change requests from business line risk representatives and technology SMEs)
  • Partner with Technology Risk Advisors to understand compliance with GTS policies and standards and establish remediation plans (where appropriate), resolve issues, and ensure adherence to all policies/regulations/guidelines.
  • Develop plans to link policies and standards to control objectives in the firm’s strategic policy and standards management tool enabling alignment to the GTS control architecture.
  • Partner with the metrics framework team to identify appropriate policy and standards related risk metrics for consumption by operational leadership
  • Assist in monthly reporting on the status and outcomes of policy / standards related activities
  • Reinforce an inherent culture of accountability and ownership for policy / standards lifecycle management within the GTS organization.
  • Build strong relationships with subject matter experts and other stakeholders to drive risk excellence.
  • Maintain adequate records and evidence of policy / standards management activities

What we value

These skills will help you succeed in this role

  • Significant experience in managing the technology policy / standards office for a large corporate organization
  • Deep understanding of technology standards and associated risk
  • Ability to challenge stakeholders that propose policy / standards change requests that would negatively impact the technology risk position
  • Ability to interact with and communicate professionally with multiple levels of management in multiple regions.
  • Excellent verbal and written communication skills, ability to express ideas and understand workflows.
  • Strong time management skills, problem-solving and critical thinking skills
  • Prior knowledge of State Street control assessment framework a plus
  • Proven experience with a GRC tool such as Archer
  • Experience in creating process flows, identifying controls, creating management information in PowerPoint decks
  • Must have the ability to operate in a timely manner in a deadline-oriented environment with simultaneous deliverables
  • Must be detail-oriented.
  • Experience working in the Financial industry preferred, but not required

Education & Preferred Qualifications

  • B.S. or equivalent experience.
  • Minimum 5 years of experience working in Information Security or general IT areas related to risk management, internal policies frameworks, controls assurance, compliance programs, cybersecurity and information security regulations, and industry standards.
  • Preferably 5 years of prior experience in a policy management team.
  • Preference for working towards a professional certification: Certified Information Security Auditor (CISA), Certified Risk & Information Systems Controls (CRISC), etc

Salary Range:

$150,000 - $232,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers


Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.