Technical Lead/ Manager

AVP, Cybersecurity Assurance Team Lead

What you will be responsible for:

  • Maintain and improve methodology around monitoring and measuring threat risks that aligns to the NIST CSF framework
  • Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the application, system, and network environment level.
  • Ensure that the risk and control assurance activities are delivered accurately and timely, in line with the StateStreet framework and methodology.
  • Assist in monthly reporting on the status and outcomes of controls assurance activities
  • Reinforce an inherent culture of accountability and ownership for implementation and execution of controls across all levels and functions within the Global Cybersecurity organization
  • Build strong relationships with subject matter experts and other stakeholders to drive risk excellence
  • Manage a team of 3 or more controls assurance analysts and be responsible for their training, coaching and career development.
  • Maintain adequate records and evidence of risk and control assurance activities completed

What we value

Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)

  • Possesses a broad and comprehensive understanding of different Information Security standards, policies and compliance regulations including GLBA, GDPR, China Security Law, CCPA, etc.
  • Excellent verbal and written communication skills and experience presenting across the various levels within the business up to senior leadership.
  • Ability to interact professionally with a diverse group (executives, managers, and subject matter experts) across a diverse set of regions: North America (NA), Asia-Pacific (APAC), and Europe and the Middle East (EMEA)
  • Minimum 5 years of experience working in Information Security or general IT areas related to risk management, controls assurance, compliance programs, cybersecurity and information security regulations, industry standards, and internal policies frameworks.
  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing is a plus
    • Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
  • Project management and reporting experience and the ability to operate in a deadline-oriented environment.
  • Thrives working within a fast-paced environment

 

Education & Preferred Qualifications

  • Bachelor’s degree and certification in any one or more of the below is required:

Certified Information Security Auditor (CISA), Certified Risk & Information Systems Controls (CRISC) or Certified Information Security Manager (CISM) certification preferred or similar Information Security experience