Officer - ETRM - Security Architecture and Patch Management

Who we are

It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. ETRM in its capacity as Second Line of Defense (SLOD) is responsible for leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, security, and resiliency.

Who we are looking for

As a representative of the ETRM group, you will be amid State Street’s multi-year technology transformation journey, regulatory requirements and technology risk assurance programs of various Business Units within State Street. The candidate will closely work with the global ETRM team leads and other cross functional teams such as First Line of Defense (FLoD), Technology divisions (Global Technology Services - GTS, Global Cybersecurity Services - GCS etc.) and Third Line of Defense (TLoD)  

What you will be responsible for

As a Risk Consultant for Architecture, Patch Management, Incident Management, Problem Management, you will be responsible for providing support on below areas:

• Review security architecture documents by thoroughly examining design documents, network diagrams, system architecture, access controls, and data protection mechanisms, to identify potential security gaps
• Conduct threat analysis using MITRE attack framework to identify potential cyber threats and their impact on the organization's systems, considering internal & external threat actors
• Analyze security controls and identify vulnerabilities in the architecture, including weaknesses in authentication, encryption, data handling, and system hardening
• Assess whether the security architecture adheres to relevant industry standards and regulatory requirements like NIST, GDPR etc.
• Evaluate the likelihood and potential impact of identified vulnerabilities to prioritize mitigation strategies

• Review Patch Management Lifecycle, to assess the potential impact of existing processes on system operations, user experience, and business processes
• Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities
• Prepare comprehensive reports summarizing technology risk assessment findings
• Develop presentations for risk committees to highlight ETRM findings and recommendations

What we value

These skills will help you succeed in this role.

• Effective communication, analytical, and project management skills
• Ability to multitask and navigate competing priorities
• Initiative-taker, Navigating on your own
• Excellent communication, interpersonal, presentation and intergroup skills
• Ability to effectively develop and manage relationships across core stakeholder groups
• Must be able to work during US and India time zones with the overlap of at least 4 hours

Primary Skills (Must Have)

• Minimum 4 years of recent related work experience in Security Architecture, Patch Management, Security Incident Management and Problem Management
• A grasp of perimeter security controls such as firewalls, IDS/IPS, network access controls, and network segmentation; Network security architecture development and definition
• Knowledge of security concepts related to DNS, including routing, authentication, VPN, proxy services, Basic knowledge of Linux or Windows server operating system
• Knowledge of domains under ITIL (Information Technology Infrastructure Library) Practices, Technology Management (Software Development and Management, Infrastructure and Platform Management), Service Management (Availability Management, Capacity and Performance Management, Change Management, Incident Management, IT Asset Management etc.)
• A strong understanding of Technology Risk Management to influence leaders on the need to embrace risk reduction initiatives and controls
• Proficient in Excel, Word, Flowcharting, PowerPoint etc.

Education & Preferred Qualifications

• Graduate in Computer Engineering (preferably BE / B TECH / BCA / MCA)
• Minimum 10-12 years of experience in information technology with 4-8 years of relevant experience in security architecture reviews including patch management, security incident management and problem management
• Experience with Risk Management and Technology Audits
• Strong project management abilities, critical thinking, problem solving, and decision-making skills.
• Experience with Microsoft Tools/Data Analytics/Dashboards is a plus.
• Information Security certifications like ISO27001, CRISC, CISA, CISM, CISSP etc.

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we are making our mark on the financial services industry. For more than two centuries, we have been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance, and savings plans, among other perks. You will have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer. Discover more at StateStreet.com/careers

State Street's Speak Up Line