Job Description
Information Security Assurance, AVP
Job Overview
The candidate will support the overall corporate information security compliance to State Street internal policies, external regulatory and client requirements. As a member of the Policy & Governance team, the individual will maintain the enterprise information security policies and processes necessary to support information security compliance with established company policies, regulatory requirements, and generally accepted information security controls. Assist the business with the Corporate Information Security (CIS) exception process and review/update internal controls, policies and standards for State Street globally.
Responsibilities
- Maintains enterprise information security policies, technical standards, guidelines, and procedures necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls.
- Researches compliance issues/questions for existing and new regulations, and provides interpretation or clarification within the team.
- Collaborate with Corporate Compliance, Legal, Regulatory Affairs, Corporate Audit and Enterprise Technology Risk Management as appropriate in assessing State Street internal policy compliance against external requirements.
- Coordinate, review and respond for the respective CIS areas covering regulatory compliance assessments and client questionnaires in support of new and current clients using and maintaining our central repository of responses.
- Collaborate with other team members throughout the organization ensuring consistency in the alignment of State Street policy, standards, procedures and controls.
- Assist and contribute to additional projects and deliverables related to assurance, governance and policy requests as they pertain to CIS initiatives.
- Participate in the development implementation review and revisions of compliance procedures and systems within Corporate Information Security.
- Develop understanding of State Street's IT infrastructure and compliance levels pertaining to Cyber and Information Security.
- Assist with the establishment of key operational metrics supporting the tracking, status and progress of regulatory requests and questionnaires as they pertain to cyber and information security.
Qualifications
- Excellent verbal, written communication skills and experience presenting across the various levels within the business up to senior leadership.
- Ability to interact professionally with a diverse group and in a diverse set of regions: executive, managers, and subject matter experts, North America (NA), Asia-Pacific (APAC), and Europe and the Middle East (EMEA)
- Minimum 3 years of experience working in Information Security or general IT areas related to risk management, controls assurance, compliance programs, cybersecurity and information security regulations, industry standards, and internal policies frameworks.
- Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
- Possess strong knowledge and experience with of one or more of the following cybersecurity frameworks; NIST CSF, NIST 800-53 or ISO 27001/27002.
- Project management and reporting experience and the ability to operate in a deadline-oriented environment.
- Applies administrative oversight and managerial skills to various projects and assessments.
- Certified Information Security Auditor (CISA), Certified Risk & Information Systems Controls (CRISC) or Certified Information Security Manager (CISM) certification preferred or similar Information Security experience.
- Possesses a broad and comprehensive understanding of different Information Security standards, policies and compliance regulations including GLBA, GDPR, China Security Law, CCPA, etc.
Job ID: R-749173