ETRM- App Sec, SSDLC, Config Mgmt - Senior Manager

Who we are

It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. ETRM in its capacity as Second Line of Defense (SLOD) is responsible for leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, security, and resiliency

Who we are looking for

As a representative of the ETRM group, you will be amid State Street’s multi-year technology transformation journey, regulatory requirements and technology risk assurance programs of various Business Units within State Street. The candidate will closely work with the global ETRM team leads and other cross functional teams such as First Line of Defense (FLoD), Technology divisions (Global Technology Services - GTS, Global Cybersecurity Services - GCS etc.) and Third Line of Defense (TLoD)

What you will be responsible for

As a Application Security and Secure SDLC Risk Consultant, you will be responsible for providing support on below areas:

• Provide oversight and risk management on Enterprise Software Development Lifecycle Program Governance to ensure that the material defects and security vulnerabilities in applications are identified and remediated by the State Street Business Units and Corporate
• Identify  control gaps in secure code scanning and testing practices
• To ensure risk-based controls assurance program, regularly test SDLC controls for design and operating effectiveness
• Lead and oversee communication and engagement with stakeholders, drive program progress, and escalate risks, issues and solutions 
• Manage all key stakeholder communications, including management-level reporting
• Prepare comprehensive reports summarizing technology risk assessment findings
• Develop presentations for risk committees to highlight ETRM findings and recommendations

Team Management

• Work with and leverage other team members to maximize impact and throughput
• Live and define a culture, value and practice leadership principles

What we value

• Effective communication, analytical, and project management skills
• Ability to multitask and navigate competing priorities
• Initiative-taker, Navigating on your own
• Must be able to work during US and India time zones with an overlap of at least 4 hours

Primary Skills (Must Have)

• Experience in risk management, cyber security, or technology-related governance, focusing on Application Security, API Security, Secure SDLC and CI/CD security. Conducting security reviews, penetration testing, threat modeling, and providing guidance on secure coding practices to identify and remediate vulnerabilities throughout the software development lifecycle
• Minimum 4 years of recent related work experience in Application Security and  Secure-SDLC practices, methodologies, and standards such as Microsoft SDL, OWASP SAMM, and OWASP ASVS
• Deep understanding of OWASP Top 10 and SANS Top 25; with a proven track record and experience in implementing and integrating remediation strategies
• Understanding of the MITRE Framework and adversarial methodologies
• Familiarity of application source code review and penetration testing methodologies and tools such as Fortify, Webinspect, AppScan, Qualys WAS, Sonarqube, Nessus and Burpsuite etc.
• Excellent communication, interpersonal, presentation and intergroup skills

Education & Preferred Qualifications

• Graduate in Computer Engineering (preferably BE / B TECH / MCA)
• Minimum 10+ years of experience in information technology with 4 - 6 years of relevant experience in Cloud and Emerging Technologies
• Experience with Microsoft Tools/Data Analytics/GRC tools/Jira is a plus
• Proven ability to work effectively on global scale with all levels of management
• Organized with the ability to multi-task in a fast-paced environment
• Relevant certifications (e.g., OSCP, CCSP, CISSP, CRISC) are a plus

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we are making our mark on the financial services industry. For more than two centuries, we have been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance, and savings plans, among other perks. You will have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer. Discover more at StateStreet.com/careers

State Street's Speak Up Line