VP/Third Party Cyber Security Assessment Operations Leader at State Street in Quincy, Massachusetts

Job Description:

TPCRM VP Role

State Street is seeking an operations leader for our Third-Party Cyber Risk Management Program. The VP of Third-Party Cyber Risk Management Assessment Operations will be responsible for providing leadership in the effective and efficient operations pertaining to the bank's global third-party cyber risk management program, engaging with partners across the organization (including Procurement, Legal, Privacy, IT, Relationship Owners and others). They will also provide State Street leadership visibility to the risk being assumed through partners, suppliers, and other third-party relationships. .

Responsibilities

• Lead program execution and ongoing management of State Street's Third-Party Cyber Risk Management (TPCRM) Assessment Operations program


• Responsible for program elements managing third-party risk throughout the life-cycle of the third-party relationship including initial risk assessment, due diligence, and post contract monitoring


• Lead and manage a team charged with performing cybersecurity due diligence assessments on State Street's third-parties


• Oversee the continuous improvement of these processes as business unit and risk program owner requirements evolve


• Engage with and manage relationships with State Street's Global Cyber Security (GCS), Procurement, and TPRM Organization ensuring coordination across programs and alignment with overarching TPRM program requirements


• Maintain an intimate understanding of best-in-class TPCRM practices through benchmarking and continuous education


• Engage with Executive Sponsors and Business Partners and provide value-added insight to improve the certainty of business outcomes and reduce risk


• Drive accountability for third-party cybersecurity and management of risk related to third-parties with business unit Business Partners


• Conduct cyber security risk assessments, develop training and communication, monitor and test validate risk treatment and remediation, and sustain and optimize applicable TPCRM risk management programs


• Instill a culture of risk management, compliance and continuous improvement with partners, using data to influence decisions around procedures, new technologies, or changes in practice or policy, and execute appropriate remediation follow-up where controls are insufficient or not operating as intended


• Represent State Street with external industry groups and establish peer circles for benchmarking and industry learning and manage relationships with key sourcing constituents.

• Bachelor's Degree with a minimum of 5 years of experience in cybersecurity and at least 3 years managing a team of information security professionals;


• Possess a current information security certification to include but not limited to one of the following: Certified Information System Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM,) CompTIA Security +, Certified in Risk and Information Systems Control(CRISC), or OffSec Certified Professional (OSCP).


• Understanding of cybersecurity risks in terms of data driven, business driven and event driven risks.


• Proven experience in managing 3rd party risks from both a strategic and operations perspective.


• Strong understanding of regulatory and legal concerns as it relates to third party cybersecurity Risk management from a global landscape perspective


• Key competencies include: knowledge of State Street's businesses, cybersecurity policy/standards/programs, enterprise thinking with ability to build credibility within the organization; time management, project management, expertise in development and implementation of procedures and in-process metrics, strong interpersonal skills, and ability to successfully adapt to changing requirements.


• A proven ability to lead and develop organization specifically through change and transformation. Ability to lead and implement change.


• Must be comfortable with ambiguity; demonstrate strong writing, problem solving and creative thinking skills, and ability to work effectively with conceptual structures, outlines and models. Must be able to work under pressure and tight deadlines.


• Ability to interact and influence at all levels of management across divisions and functions.


• Strong negotiation and decision skills. Excellent written and verbal communication skills.

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.