Sign up
Sign up
empty
Senior Information Security Officer
State Street
.svg)
Remote Eligibility
On-site
Domain
Governance, Risk & compliance
State
Massachusetts
City
Quincy
Job Description
Posted on:
February 24, 2025
Primary NIST Speciality
Oversee and Govern
NIST Sub-speciality
Cybersecurity Management
Seniority
Senior
Salary ($K)
170
-
283
Summary and company overview
Senior Information Security Officer
The Senior Information Security Officer provides cyber risk management oversight to lines of business and legal entities within State Street and sits within the first line of defense and reports into the Global Cybersecurity Organization. The Senior Information Security Officer will manage a small team of business unit aligned risk professionals to strengthen cyber control adoption at the business unit level, lead cyber metrics discussions, influence strong cyber awareness behavior, present open risk and vulnerabilities to technical and business aligned partners, while communicating bi-directionally between the business units and the global cybersecurity leadership team.
The Senior Information Security Officer will be a strategic change agent that in addition to managing a small team, will also be a thought leader to protect the bank. Being able to build trust through information and transparency among senior executives while being able to present to the highest level of leadership within State Street with appropriate technical and business detail is necessary for this role. As a critical partner to the senior business leaders within the first line of defense, the incumbent must be skilled at influencing change to lead teams to further adopt cyber controls while reducing overall residual risk to their businesses.
This role requires a technical background and ability to understand technologies, their purpose, and their security requirements and data protection needs wherever they reside. Must understand threats and risk mitigations, while being able to recommend solutions that protect the bank and strengthen our cyber resiliency posture.
Responsibilities
- Partner with senior leaders to enable informed risk decisions providing them all relevant content necessary to formulate a prioritized path forward.
- Key contact to ensure cybersecurity practices are built into the business processes.
- Overseeing and actively managing risks in line with risk appetite through continuous business unit engagement.
- Work closely with global cybersecurity to instill cybersecurity policies and practices throughout business units to address cyber control issues, and to execute on cyber remediation programs.
- Represent the global cyber security organization as a member of various business risk committees.
- Maintain up to date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; and circulate this knowledge through the business units.
- Establish key relationships with business risk executives, third party management, client relations, global technology services, second line and third lines of defense, and internal regulatory teams.
- Identify friction and complexity that hinder efficient security controls enterprise-wide and coordinate solutions.
Job Requirements
Required Qualifications:
- At least 12 years of progressive cybersecurity experience with 6+ years within financial services.
- 6+ years of operationally focused cybersecurity practitioner.
- 5+ years’ experience working with business leadership across enterprise projects.
- Effective communication skills both written and verbal across all levels of the organization.
- Able to acquire, motivate, and attain top talent through networking and relationships while building talent pipelines.
- Ability to manage matrix team environments both direct and indirect reporting lines onsite and remotely.
- Demonstrate strategic and tactical thinking, along with decision-making skills and business acumen.
- Bachelor’s degree in business administration, Information Assurance, or related technical field.
- CISSP Required.
Preferred Qualifications:
- AWS or Azure Cloud certification preferable but not required.
- CISM, CRISC, and/or CISA preferable, but not required.
Additional commentary
Salary Range:
$170,000 - $282,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Summary and company overview
Senior Information Security Officer
The Senior Information Security Officer provides cyber risk management oversight to lines of business and legal entities within State Street and sits within the first line of defense and reports into the Global Cybersecurity Organization. The Senior Information Security Officer will manage a small team of business unit aligned risk professionals to strengthen cyber control adoption at the business unit level, lead cyber metrics discussions, influence strong cyber awareness behavior, present open risk and vulnerabilities to technical and business aligned partners, while communicating bi-directionally between the business units and the global cybersecurity leadership team.
The Senior Information Security Officer will be a strategic change agent that in addition to managing a small team, will also be a thought leader to protect the bank. Being able to build trust through information and transparency among senior executives while being able to present to the highest level of leadership within State Street with appropriate technical and business detail is necessary for this role. As a critical partner to the senior business leaders within the first line of defense, the incumbent must be skilled at influencing change to lead teams to further adopt cyber controls while reducing overall residual risk to their businesses.
This role requires a technical background and ability to understand technologies, their purpose, and their security requirements and data protection needs wherever they reside. Must understand threats and risk mitigations, while being able to recommend solutions that protect the bank and strengthen our cyber resiliency posture.
