Job Description
Who we are looking for
Our second line technology risk function is vital to State Street to ensure Information Technology risks and controls are well managed, helping our business to deliver applications and services to our clients. We are supporting the company’s digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence alongside best in class Information Technology Service Management. We are looking for experienced Risk Management and Controls Assurance resources to help maintain and mature our Technology Risk Management Programs.
What you will be responsible for
Primary Areas of Focus:
Technology Risk Acceptance Governance, Material Risk Identification (MRI), Risk Control Self-Assessment (RCSA) and support of other 2LOD oversight activities
In this role within Enterprise Technology Risk Management (ETRM), you will assist in:
Technology Risk Acceptance Governance – Monitor and engage first line’s Technology Risk Acceptance submissions and facilitate in the review of these through demonstrable challenge in conjunction with the 2LOD SMEs
Material Risk Inventory – Facilitate in the coordination of bi-annual MRI capture process for Global Technology Services (GTS); Compile MRI workshop results, execute quality assurance over consolidated results from MRI workshop, and integrate the results into the 2LOD oversight processes.
Risk and Control Self-Assessment (RCSA) – On an annual basis, engage with first line’s scorecards with risk ratings and rationale as the ETRM coordinator; aggregate and reflect second line SMEs assessments of risk ratings, controls and review associated exposure rationale provided by first line; and generate the second line review/challenge on the technology RCSAs
This role will also:
Support ETRM with regulatory and audit requests, and assist in the execution of the departmental annual risk coverage plan in conjunction with the respective ETRM leaders
Communicate the departmental views and reports on various risk matters to the appropriate committees and stakeholders
Learn new and complex environments, processes, and technologies
Stay abreast of industry developments including but not limited to changes in regulations
Coordinate or lead various ad-hoc requests, projects
Develop overall technology / product / business unit knowledge of State Street Corporation
What we value
These skills will help you succeed in this role
Candidate has experience managing small to medium initiatives
Candidate has experience with supporting various Security Architectures, Defense in Depth Strategy, Cloud environments (AWS, Azure, GCP, OCI), Cybersecurity tools
Candidate has strong understanding of control frameworks
Candidate is able to effectively balance multiple tasks
Candidate is able to work both collaboratively and independently
Aptitude for researching and identifying emerging technology risks including learning new and complex environments, processes, and technologies
Excellent written and spoken communication & collaboration skills
Self-learning and training to ensure skills and knowledge are in line with responsibilities
Knowledge of IT frameworks such as NIST, ISO, COBIT, ITIL a plus
Familiarity in Information Security Frameworks including the ISO 27000 family, NIST, Cloud CCM
A strong understanding of Technology and Cyber Risk Management to influence leaders on the need to embrace risk reduction initiatives and controls
Proficient in Microsoft Office suite including data analytics in Excel and/or Access
Experience with IT GRC platforms (Archer), Splunk, EDR, SIEM, Network Management tools
Education & Preferred Qualifications
Bachelor’s degree in Computer Science/Information Systems, Risk Management or a related field, or equivalent experience
Candidate has a minimum of 5+ years of experience with IT risk, audit or technology operations
Professional designation a plus (e.g. CISA, CISM, CISSP, CRISC)
Salary Range:
$90,000 - $157,500 AnnualThe range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home.
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.
As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers
Read our CEO Statement
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.