It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. SSC is embarking on a major technology transformation which includes significant transformation and technology modernization and adoption with migration to hybrid cloud premises as a primary goal. ETRM is responsible for risk leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, including security and resiliency.
Position Description
As a representative of the Enterprise Technology Risk Group you will have risk oversight responsibility to include State Street's technology transformation initiative, new technology integrations as well as operational focus on overall IT service management. You will be responsible for providing independent risk oversight, review and challenge on technology adoption and migration.
This role may include oversight of, but not limited to:
Review, challenge, advisement on technology programs and activities
Identify, communicate and escalate all technology related risks
Risk Oversight of new technology and advancements in Cloud, AI and Blockchain
Liaison to the Technology Transformation Program
Primary Responsibilities
Oversight and assessment of design and operational effectiveness related to new technologies including cloud architectures, deployment strategies, security and operations
Awareness of technology focused regulatory requirements and ability to apply to new and emerging technologies
Review and Influence technology based policy, standards, procedures, guidelines, controls, control testing, risk metric development and measurement, and associated reporting
Anticipate critical issues and risks; take responsibility for identifying or escalating key risks and impacts based on non-compliance with internal and external standards, assist first line with planning and executing additional compensating controls, and participate in various decision making forums on risk appetite setting and risk acceptance
Develop and communicate comprehensive risk views of existing and emerging technology programs
Advise first line on risks faced during large technology transformation efforts and data migration projects
Factor the entire technology risk taxonomy into all assessments engaging with other area expertise and regional risk teams, to develop comprehensive risk view for reports and memos
Work collaboratively with the First Line of Defense, as well as, with Audit and other ERM functions to integrate reviews, controls testing, or on ETRM recommendations
Extract, analyze, synthesize, and report on information from various sources including Incident Management, Archer, change control, release plans, etc.
Manage to the overall second line book of work and ensure tasks are completed by deadlines based on issue life cycle
Develop presentations for various technology and risk committees to highlight ETRM findings and recommendations
Deep dive technology risk assessments partnering with Global Technology Services (GTS) and track key risk indicators
Candidate Must Haves
In-depth technical knowledge and experience working within multiple cloud environments supporting application and infrastructure resiliency
Solid understanding of IT Service Management, CCM and security standards such as NIST
Familiarity with Technology and Transformation Risk Frameworks
Familiarity with emerging technology such as Blockchain an AI
Superior communication, interpersonal, negotiation, presentation and intergroup skills are critical
Excellent management skills with the ability to implement and sustain governance to ensure all Policy, Appetite, Taxonomy, Procedures, Guidelines are being adhered to and escalation where there is any risk
The ability to influence technology leaders about the need to embrace risk reduction initiatives and controls is key to success in this role
Ability to understand State Street's critical business services and how they are delivered via the underlying system architecture
An in-depth understanding of Technology Risk Management and it's alignment across SSCs three lines of defense
Self-Starter, Navigating on your own
Required Qualifications
Minimum 10+ years of experience in Financial, Consulting, or Technology Industries
Experienced in complex interactive deployments to AWS, Azure, Oracle Cloud, and edge colocation facilities
Strong knowledge in cloud based identity and access management strategies and deployments
Experience with cloud automation and deployment tooling
Experience in hybrid cloud and API security strategies
Experience in data encryption and key management processes
Knowledgeable in cloud based data repository design and migrations to cloud based storage environments
Expertise with both private and public cloud environments and associated industry best practices
Familiar with legacy database conversion to cloud native database options
Knowledgeable in cloud native deployments, including microservices and containers
Experience with Risk Management, Technology Audits, large scale technology infrastructures
Project/Program Management experience with PMP certification preferred
Strong critical thinking, problem solving, and decision making skills
Bachelor's degree in Technology or related or related major, CISA, CRISC or other risk management professional certifications preferred
Experience with Microsoft Tools/Data Analytics/Dashboards is a plus
Travel less than 10%
Salary Range: $140,000 - $222,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.