Who we are looking for

State Street is seeking an experienced Encryption Lead – Key Management to design, implement, and optimize enterprise-wide encryption and key management solutions across cloud, on-premises, and IoT environments in a highly regulated industry.  This role will be responsible for defining cryptographic strategies, ensuring compliance with regulatory standards, and leading the integration of encryption services across a diverse infrastructure.

As financial institutions increasingly adopt hybrid cloud and IoT-enabled banking solutions, this role will play a critical part in securing data at rest, in transit, and in use, ensuring end-to-end cryptographic protection across applications, infrastructure, and connected devices.  The ideal candidate will have deep expertise in cryptographic key management, Hardware Security Modules (HSMs), Public Key Infrastructure (PKI), cloud security, IoT encryption protocols, and enterprise data protection.

This role can be performed in a hybrid model, where you can balance work from home and office to match your needs and role requirements.

What you will be responsible for

Develop and maintain the enterprise cryptographic strategy, ensuring alignment with security, compliance, and business objectives.Define and implement key lifecycle management processes and procedures, including key generation, rotation, revocation, and decommissioning for cloud, on-premises, and IoT environments.Architect and deploy centralized Key Management Systems (KMS), including cloud-native KMS (AWS KMS, Azure Key Vault, OCI KMS), enterprise HSMs, and PKI solutions.Ensure robust data encryption methodologies are applied to data stored in databases, applications, and IoT connected devices.Collaborate with cloud security and DevSecOps teams to integrate encryption and key management into CI/CD pipelines and Infrastructure as Code (IaC) deployments.Develop IoT encryption frameworks to secure IoT devices.Oversee the integration of encryption solutions into applications, databases, cloud services, IoT platforms, and enterprise infrastructure.Collaborate with application security, infrastructure, and DevSecOps teams to embed cryptographic security controls into software development and deployment processes.Drive post-quantum cryptography (PQC) readiness by evaluating and preparing for emerging threats to encryption security.Ensure compliance with NIST 800-57, PCI DSS, FIPS 140-2/3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645).Developing governance frameworks for cryptographic key management, including policies for key storage, access control, logging, and auditing.Conduct risk assessments, vulnerability testing, and security reviews for cryptographic implementations, IoT ecosystems, and cloud security controls.Act as a key stakeholder in security audits, regulatory assessments, and IoT security standardization efforts.Provide Technical mentorship and training to internal teams on encryption best practices, cloud security, and IoT security.Stay ahead of advancements in cryptographic algorithms, quantum computing risks, and emerging IoT security frameworks.Drive innovation in encryption automation, integrating key management with DevSecOps, and Infrastructure as Code (IaC).

Education & Preferred Qualifications

You have multiyear (>6 years) experience within Cybersecurity including SecOps, threat modelling, and secure architecture.Bachelor's Degree in Computer Science/Engineering or related discipline, or equivalent work experience.Strong proficiency in Python, PowerShell, Bash, or Java.Hands-on Experience with key management systems (HashiCorp Vault, ASW KMS, Azure Key Vault, OCI KMS).Familiarity with X.509 certificates, PKI automation, TLS/SSL, ACME protocol, and certificate lifecycle management.Experience with Kubernetes, Terraform, Ansible, Chef, and CI/CD automation.Understanding of cryptographic algorithms (AES, RSA, ECC), hardware security modules (HSMs), and secure key storage practices.Experience working in financial institutions or other highly regulated industries.Certifications such as CISSP, CISM, AWS Security Specialty, HashiCorp Certified Vault Associate or CCSK.Familiarity with NIST 800-57, PCI DSS, FIPS 140-2/3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645).

Additional requirements

Travel up to 25% may be required

Are you the right candidate? Yes!

We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don’t necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

Why this role is important to us

Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We’re driving the company’s digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.

We offer a collaborative environment where technology skills and innovation are valued in a global organization. We’re looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.

Join us if you want to grow your technical skills, solve real problems and make your mark on our industry.

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Salary Range:

$130,000 - $205,000 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line