Information Security Officer

The Information Security Officer will drive compliance with global cybersecurity controls in their business unit/region/country/functional area which they represent. The ISO will serve as a trusted advisor to mid-level business management within State Street Bank International.

ISO roles and responsibilities are defined under multiple domain areas, such as Information Security and Risk Management, Cyber Incident and Response Management, Cyber Controls Analysis, and Cyber Reporting.

We are searching for an experienced cybersecurity business analyst with experience in identifying cyber risk aligned to business functions. The Information Security Officer will work within our Protection Needs Analysis program within State Street Bank International. This candidate should be able to correlate our cyber risks that align to our business services and functions within State Street Bank International.

 Responsibilities

• Maintain information security risk assessment processes and procedures documentation in accordance with regulatory requirements (ECB, BAIT, DORA, etc.)
• Collaborate with key stakeholders to identify information assets and assess the protection needs requirements for the business.
• Monitor the completion of protection needs analysis in State Street Bank International, including coordinating resources, attending meetings with key stakeholders, and preparing reports and other documentation.
• Being able to execute the risk analysis of the aligned business functions and services for the protection needs is a critical, while raising opportunities to management to improve processes.
• Present to business stakeholders on outcomes of assessments and drivers for key risk ratings aligned to their functions, while offering solutions for risk remediation solutions.
• Candidate must have cyber risk experience to assist in solving challenging business issues to align to ever evolving regulations, while being able to establish strong working relationships from peers across the globe.
• Understand context of the business unit - internal and external issues, organizational structure, organizational drivers, geography, strategy, legal and regulatory requirements.
• Report significant changes in information security risk to appropriate level of management for review on both a periodic and an event driven basis.
• Assess information security risk associated with high risk/critical business processes and technology and apply information security supplemental requirements to mitigate risk.

• ISO Competencies and Qualifications

  The Information Security Officer should possess the following skills/experience.

• Successfully completed bachelor’s degree or equivalent work aligned experience.
• CISSP, CISSM, CRISC, CISA, SSCP or similar certification a plus
• Experience working with cyber security frameworks such as NIST.
• Cybersecurity business risk experience highly preferred
• 4 years of information security experience in an analytical capacity
• Financial services experience in a regulated environment highly preferred
• Experience with business concepts including financial, business requirements, and compliance.
• Experience with European Central Bank (ECB) ICT guidelines and BAIT (Bankaufsichtliche Anforderungen an die IT) guidelines.
• Strong communicator across multiple audiences technical and non-technical
• Strong analytical, research, and organizational skills
• Strong interpersonal skills such as active listening, being dependable, and teamwork is critical.

• Who we are looking for 

  We are seeking a skilled Integration & Automation Engineer with expertise in cryptographic key management to design, develop, and maintain automation solutions that enhance the security, efficiency, and scalability of our enterprise cryptographic infrastructure.  This role will focus on integrating key management systems (KMS) and hardware security modules (HSMs) with enterprise applications, cloud environments, IoT and DevSecOps workflows.  The Ideal candidate has experience with the secure automation, scripting, API development, and integrating cryptographic solutions within financial or highly regulated environments. 

   

  What you will be responsible for 

  • Design and implement integrations between cryptographic key management systems and enterprise applications, cloud platforms, and security tools. 

  • Develop and maintain APIs, microservices, and automation scripts to streamline cryptographic operations. 

  • Enable seamless integration with multi-cloud key management services (AWS KMS, Azure Key Vault, OCI KMS) 

  • Collaborate with security architects, application teams, and DevSecOps engineers to embed encryption management into CI/CD pipelines. 

  • Automate key lifecycle processes such as key generation, rotation, distribution, revocation and decommissioning. 

  • Build monitoring and alerting mechanisms to detect cryptographic anomalies and improve operational efficiency. 

  • Ensure automation and integrations align with cryptographic policies, compliance and regulations (PCI DSS, GDPR, FIPS 140-2/3), and security best practices. 

  • Work closely with risk and compliance teams to provide audit trails and access control mechanisms for key and certificate operations. 

  • Assist in vulnerability management and patching of cryptographic components and automation workflows. 

  • Troubleshoot integration and automation issues, ensuring high availability and reliability of cryptographic services. 

  • Stay up to date on emerging encryption technologies, cloud security trends, and automation frameworks. 

  • Provide technical documentation and training for internal teams on cryptographic integration best practices.   

   

  What we value 

  These skills will help you succeed in this role 

  • An understanding of key management. 

  • Strong problem solving and analytical skills 

  • Ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment 

  • Strong organizational, multi-tasking, and prioritizing skills 

   

  Education & Preferred Qualifications 

  • Bachelor's degree in Computer Science, Information Security, or a related field or equivalent work experience. 

  • Strong proficiency in Python, PowerShell, Bash, or Java for automation and integrations. 

  • Experience with RESTful APIs, JSON, XML, and WebSockets to integrate key management solutions 

  • Experience with key management systems (HashiCorp Vault, ASW KMS, Azure Key Vault, OCI KMS). 

  • Experience with Kubernetes, Terraform, Ansible, Chef, and CI/CD automation. 

  • Understanding of cryptographic algorithms (AES, RSA, ECC), hardware security modules (HSMs), and secure key storage practices. 

  • Experience working in financial institutions or other highly regulated industries.  

  • Knowledge of blockchain technology and its cryptographic principles is a plus. 

  • Certifications such as CISSP, CISM, AWS Security Specialty, HashiCorp Certified Vault Associate or CCSK. 

  • Familiarity with security frameworks such as NIST 800-57, ISO 27001 or PCI DSS. 

   

  Are you the right candidate? Yes! 

  We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don’t necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit. 

   

  Why this role is important to us 

  Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We’re driving the company’s digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.  

    

  We offer a collaborative environment where technology skills and innovation are valued in a global organization. We’re looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.  

   

  Join us if you want to grow your technical skills, solve real problems and make your mark on our industry. 

   

  About State Street 

  What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients. 

  Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential. 

  Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you. 

  State Street is an equal opportunity and affirmative action employer. 

   

   

   

State Street's Speak Up Line