Information Security Officer
Munich, Germany
State Street
State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.
Job Description: Vice President - SSBI Information Security Officer
The Information Security Officer will drive compliance with global cybersecurity controls in the business unit/region/country/functional area they represent. The ISO will serve as a trusted advisor to mid and senior-level business management within State Street Bank International.
ISO roles and responsibilities are defined under multiple domain areas, such as Information Security and Risk Management, Cyber Incident and Response Management, Cyber Controls Analysis, and Cyber Reporting.
We are searching for a strong cyber controls analyzer with experience in identifying cyber risk aligned to business functions. The VP, Information Security Officer will lead our Protection Needs Analysis program within State Street Bank International. This candidate should be able to correlate our cyber risk taxonomy aligned to applicable business processes to conclude on the residual cyber risks aligned to the business functions and critical business services.
Responsibilities
- Implement and maintain information security risk assessment processes and procedures in accordance with regulatory requirements (ECB, BAIT, DORA, etc.)
- Collaborate with key stakeholders to identify information assets and assess the protection needs requirements for the entire line of business and legal entity.
- Manage and monitor the completion of protection needs analysis in State Street Bank International, including coordinating resources, managing escalation, and preparing reports.
- Being able to establish and maintain sustainable yet continuous improvement practices for the protection needs analysis function is a critical success factor for this role.
- Actively participate in cyber risk forums and committees with other stakeholders including Executive Management, Internal Audit, Enterprise Technology Risk Management, Compliance, Legal, and Regulatory.
- Presenting to mid to senior level executive leadership on protection needs outcomes and controls is critical; therefore, the candidate will have experience presenting at all levels of the organization and preparing executive communications.
- Candidate must have the technical experience to assist in solving challenging cyber issues to align to ever-evolving regulations, while being able to build strong working relationships with peers across the globe.
- Integrate information security risk review into lifecycle processes such as Incident Management, Vulnerability Management, Third-Party Risk Review, Cyber Resiliency, eSDLC, Change and Project management.
- Understand context of the business unit - internal and external issues, organizational structure, organizational drivers, geography, strategy, legal and regulatory requirements.
- Report significant changes in information security risk to the appropriate level of management for review on both a periodic and an event-driven basis.
- Assess information security risk associated with high risk/critical business processes and technology and apply information security supplemental requirements to mitigate risk.
ISO Competencies and Qualifications
The Information Security Officer should possess the following skills/experience.
- Successfully completed bachelor’s degree or equivalent work-aligned experience.
- CISSP or CISM required.
- CRISC, CISA, SSCP or similar certification a plus
- Experience working with the NIST Cybersecurity Framework
- Qualitative cybersecurity risk analysis experience highly preferred
- 8 years of information security experience in an operational or analytical capacity
- Financial services experience in a regulated environment highly preferred
- Experience with business concepts including financial, business requirements, compliance, and risk management.
- Experience with European Central Bank (ECB) ICT guidelines and BAIT (Bankaufsichtliche Anforderungen an die IT) guidelines.
- Strong analytical, communication, research, and organizational skills
- Strong interpersonal skills such as active listening, being dependable, and teamwork are critical.
Tags: CISA CISM CISSP Compliance CRISC NIST Risk analysis Risk assessment Risk management SSCP Strategy Vulnerability management