State Street's Corporate Information Security (CIS) group plays a key role in the bank's enterprise third party/vendor risk management function. The CIS vendor team member is an experienced third party risk analyst tasked with conducting information security risk assessments of critical State Street suppliers.
Collaborate with supplier relationship managers to help document the inherent risks in certain third party relationships and the controls in place to ensure a secure and compliant engagement
Be responsible for reviewing security controls and/or regulatory compliance measures present at high and critical-rated Third Party Providers utilized by State Street
Develop reports to help CIS management, business line management, and other risk-related stakeholders understand the status of ongoing assessments, the actions required to remediate risks, and the risk posture of certain business units as it relates to vendors
Collaborate with State Street's Legal and Procurement groups to ensure that contracts with third parties reflect an appropriate level of control for IT/security risks.
In this role, the analyst must be capable of influencing courageously at all levels of the organization to ensure that third party relationships strike an effective balance between business and security requirements.
3 to 6 years of prior IT Audit or Information Security experience, particularly in a role related to third party risk assessment
Familiarity with reviewing SSAE16 and other independent reports, and a strong knowledge of applicable federal and state privacy/security laws and accreditation standards
Proven ability to translate complex regulations (ISO, SOX, NIST, UK PRA, EU Data Directive, HIPAA, PCI, etc.) into clear, easily understood action plans
Effective written and oral communication skills
Strong negotiation skills
Ability to train others in security concepts
Ability to synthesize data about information risks to identify hidden trends and themes, and to communicate this information to internal stakeholders
Industry certification a plus (CISSP, CISA, CISM, etc.)
Bachelor's or master's degree in computer science, management information systems, business administration, or related discipline would be a plus
Employee savings plan
Premium life insurance package
VIP medical package
International operating environment
Soft skills trainings
Development sessions with a mentor
Diversity of opportunities across a range of challenging and highly complex activities