It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. SSC is embarking on a major technology transformation which includes significant transformation and technology modernization and adoption with migration to hybrid cloud premises as a primary goal. ETRM is responsible for risk leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, including security and resiliency.  

Position Description

As a representative of the Enterprise Technology Risk Group you will have risk oversight responsibility to include State Street’s emerging technology adoptions such as Blockchain, GenAI, cloud computing and cloud technology integrations. The position will also address operational focus area for the above including overall IT service management. You will be responsible for providing independent risk oversight, review and challenge on these technology adoptions and migrations.

This role may include oversight of, but not limited to:

Review, challenge, advisement on technology programs and activitiesIdentify, communicate and escalate all technology related risks Risk Oversight of new technology and advancements including Cloud, AI and BlockchainOversight of existing technologies across the IT TaxonomyLiaison to appropriate First Line programs

Primary Responsibilities

Oversight and assessment of design and operational effectiveness related to new technologies including cloud architectures, deployment strategies, security and operationsAwareness of technology focused regulatory requirements and ability to apply to new and emerging technologiesReview and Influence technology based policy, standards, procedures, guidelines, controls, control testing, risk metric development and measurement, and associated reporting  Anticipate critical issues and risks; take responsibility for identifying or escalating key risks and impacts based on non-compliance with internal and external standards, assist first line with planning and executing additional compensating controls, and participate in various decision making forums on risk appetite setting and risk acceptanceDevelop and communicate comprehensive risk views of existing and emerging technology programs  Advise first line on risks faced during large technology transformation efforts and data migration projectsFactor the entire technology risk taxonomy into all assessments engaging with other area expertise and regional risk teams, to develop comprehensive risk view for reports and memosWork collaboratively with the First Line of Defense, as well as, with Audit and other ERM functions to integrate reviews, controls testing, or on ETRM recommendationsExtract, analyze, synthesize, and report on information from various sources including Incident Management, Archer, change control, release plans, etc.Manage to the overall second line book of work and ensure tasks are completed by deadlines based on issue life cycleDevelop presentations for various technology and risk committees to highlight ETRM findings and recommendationsDeep dive technology risk assessments partnering with Global Technology Services (GTS) and track key risk indicators

Candidate Must Haves

Technical knowledge and experience working within emerging technology areas and cloud environments supporting application and infrastructure resiliencySolid understanding of IT Service Management, CCM, COBIT and security standards such as NIST 800-53.Familiarity with Technology and Transformation Risk Frameworks including controls and control testing for Design and Operating effectivenessFamiliarity with emerging technology such as Blockchain and AISuperior communication, interpersonal, negotiation, presentation and intergroup skills are criticalExcellent management skills with the ability to implement and sustain governance to ensure all Policy, Appetite, Taxonomy, Procedures, Guidelines are being adhered to and escalation where there is any riskThe ability to influence technology leaders about the need to embrace risk reduction initiatives and controls is key to success in this role Ability to understand State Street’s critical business services and how they are delivered via the underlying system architectureAn in-depth understanding of Technology Risk Management and it’s alignment across SSCs three lines of defenseSelf-Starter, Navigating on your own

Required Qualifications

10+ years of experience in Financial, Consulting, or Technology IndustriesExperienced in complex interactive deployments to AWS, Azure, Oracle Cloud, and edge colocation facilities  Strong knowledge in cloud based identity and access management strategies and deploymentsExperience with cloud automation and deployment tooling   Experience in hybrid cloud and API security strategiesExperience in data encryption and key management processesKnowledgeable in cloud based data repository design and migrations to cloud based storage environmentsExpertise with both private and public cloud environments and associated industry best practicesFamiliar with legacy database conversion to cloud native database optionsKnowledgeable in cloud native deployments, including microservices and containersExperience with Risk Management, Technology Audits, large scale technology infrastructuresProject/Program Management experience with PMP certification preferredStrong critical thinking, problem solving, and decision making skillsBachelor’s degree in Technology or related or related major, CISA, CRISC or other risk management professional certifications preferredExperience with Microsoft Tools/Data Analytics/Dashboards is a plusTravel less than 10%

Salary Range:

$140,000 - $222,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line