CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
Position reports to Chief Technology Risk Officer (CTRO), Global Head of Enterprise Technology Risk Management (ETRM). The CTRO reports to State Street's Chief Risk Officer (CRO) who reports to the CEO.
ETRM mission is to ensure technology risks are proactively identified, prudently managed and effectively challenged across the firm. Our remit is global responsibility for technology risk management for the firm from a second line of defense perspective. Our definition of technology risk includes cyber and information security, third party technology risk, disaster recovery and other key technology risks. We accomplish our mission by establishing visionary thought leadership, practical and objective assessment, measurement and reporting, as well as by communicating the technology risk posture from the board room to the "C" suite to the rank and file of the firm.
VP Cyber Threat & Industry Partnerships Executive is a key role for the firm and is being newly established. In this role you will be the ETRM representative for key industry associations and government agencies. You will participate in FSSCC, FS-ISAC, SIFMA, FSARC, Joint Treasury and Federal Reserve Cyber Resilience and Risk Initiatives as needed. You will work with the CTRO and his leadership team as well as the firm's CISO, Chief Resilience Officer and other key executives to help define, drive, communicate and get across the firms cyber, risk and resilience point of view and position in these initiatives. In certain instances given State Street's unique position in the financial services industry, the industry will look to State Street to lead one or two such initiatives in which case you will be the designated executive to lead such efforts with support from rest of the organization. You will also network and establish key relationships within these engagements with executives of both other financial firms and the government.
Success in this aspect of the job will be measured by your ability to establish State Street as an industry thought leader and go-to firm for technology risk practices. Ability to be a persuasive speaker, cogent writer, impactful communicator and networker will be key skills in your tool box that you will have to leverage to be successful.
One of the other key responsibilities for this position is to be the subject matter expert and thought leader on cyber threat intelligence and security operations. One of ETRM's roles is oversight and governance over the first line's cyber and information security program and security operations center as well as managed security service (MSS) providers. You will help define the appropriate oversight model working closely with the CISO's office and leadership team for the Security Operations Center (SOC), MSS and Threat Intel elements of the program. You will help define what "good looks like" for the SOC and the MSS program. This will include developing metrics and assessment techniques that will help identify any gaps and build assurance that our MSS partners and SOC are operating at a high level. ETRM is a supporter and has adopted MITRE's ATT&CK framework. You will help define use cases and scenarios working closely with the CISO's team to test the various ATT&CK techniques and the firm's response. You will also be responsible for communicating this to the firm's senior leadership.
Success in this aspect of the role means clear understanding of the firm's strengths and weaknesses wrt. cyber response and recovery, driving increasing maturity of both internal and MSS capabilities and progressively harder more complex testing scenarios employed by penetration testing teams to be able to demonstrate compromise of our defenses.
As a trusted advisor and a credible partner for review and challenge of existing cyber programs and vendor relationships it is important to have had hands-on experience in areas of cyber threat intelligence and security operations.
12+ years' experience with over 5+ in cyber, threat intel and information security
Strong experience working as a cyber threat intel analyst and in a security operations center
Involvement in an MSS partnership with a firm will be useful
Security clearance preferred
Knowledge and understanding of FSARC, FSSCC, SIFMA, DHS and existing relationships highly desired
Familiarity of MITRE ATT&CK Framework from both framework and practitioner's view point desirable
Experience in cyber security working at a financial services firm preferably at a Systemically Important Financial Institution (SIFI)
BS/BA degree required. Master's degree a plus
Superior skill levels in relationship management, along with excellent verbal and written communication and presentation skills.
Must possess strong leadership and management skills.
Knowledge of computer systems, cyber security tools and frameworks/methodologies/processes required
This role will require travel to Washington DC, Boston, NYC and other locations as desired to attend committee meetings, workshops and in-person sessions