Information Security Officer, Vice President

The VP, Information Security Officer provides cyber risk management oversight for State Street Bank International and sits within the first line of defense. The Information Security Officer will oversee functions performed by our main service provider ensuring local regulatory standards are met across all cyber security domains. This role will assist in the adoption of global cyber security programs within the International Bank that further strengthen cyber security controls and aligned standards. This role is highly visible and requires a keen sense of detail when engaged with business unit managers and requires strong experience in international regulations. This role will lead cyber metrics discussions, influence strong cyber awareness behavior, present open risk, and vulnerabilities to technical and business aligned partners, while communicating bi-directionally between the business units and the global cybersecurity leadership team.

The VP, Information Security Officer will be a strategic change agent that will also be a thought leader to protect the bank. Being able to build trust through information and transparency among peers while being able to present to the highest level of leadership within State Street with appropriate technical and business detail is necessary for this role. As a critical partner to business leaders within the International Bank, the incumbent must be skilled at influencing change to lead teams to further adopt cyber controls while reducing overall residual risk to their businesses.

This role requires a technical background and ability to understand technologies, their purpose, and their security requirements. Must understand threats and risk mitigations, while being able to recommend solutions that protect the bank and strengthen our cyber resiliency posture. Having experience aligned to DORA standards and other specific European Regulatory Knowledge that are required within Finance to ensure compliance with regulatory guidelines and standards is critical to the role.

Other Key Responsibilities Include:

• Partner with senior leaders to enable informed risk decisions providing them relevant content necessary to formulate a prioritized path forward.
• Key stakeholder to ensure cybersecurity practices are incorporated into the business processes.
• Overseeing and actively managing risks in line with risk appetite through continuous business unit engagement.
• Work closely with global cybersecurity to instill cybersecurity policies and practices throughout SSBI to address cyber control issues, and to execute timely on cyber remediation programs.
• Represent SSBI as a member of various business risk committees and forums.
• Maintain up to date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; and circulate this knowledge through Peer groups the business units.
• Establish key relationships with business risk executives, third party management, client relations, global technology services, second line and third lines of defense, and internal regulatory teams.
• Providing regulatory expertise and support in relation to SSBI’s interactions with the ECB / BaFin and branch regulators.
• Identify friction and complexity that hinder efficient security controls enterprise-wide and coordinate solutions.

Qualifications:

• 8-10 years of progressive cybersecurity experience with 4+ years within financial services.
• 4+ years of operationally focused cybersecurity practitioner.
• 5+ years’ experience working with business leadership across enterprise projects.
• Effective communication skills both written and verbal across all levels of the organization.
• Fluent in English and German.
• Demonstrate strategic and tactical thinking, along with decision-making skills and business acumen.
• Exceptional problem-solving and decision-making abilities, with a focus on finding practical and innovative solutions with a dedication to deliver tangible results.
• Bachelor’s degree in business administration or related technical field.
• CISSP Required.
• AWS or Azure Cloud certification preferable but not required.
• CISM, CRISC, and/or CISA preferable, but not required.

About State Street

What we do: State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow: We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary in locations, but you may expect generous medical care, insurance and savings plans among other perks. You’ll have access to flexible Work Program to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility: We truly believe our employees’ diverse backgrounds, experiences and perspective are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome the candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift program and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Discover more at StateStreet.com/careers