What you will be responsible for:
- Maintain and improve methodology around monitoring and measuring threat risks that aligns to the NIST CSF framework
- Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the application, system, and network environment level.
- Ensure that the risk and control assurance activities are delivered accurately and on time, in line with the State Street framework and methodology.
- Assist in monthly reporting on the status and outcomes of controls assurance activities
- Reinforce an inherent culture of accountability and ownership for implementation and execution of controls across all levels and functions within the Global Cybersecurity organization
- Build strong relationships with subject matter experts and other stakeholders to drive risk excellence
- Manage a team of 3 or more controls assurance analysts and be responsible for their training, coaching and career development.
- Maintain adequate records and evidence of risk and control assurance activities completed
What we value
- Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
- Possesses a broad and comprehensive understanding of different Information Security standards, policies and compliance regulations including GLBA, GDPR, China Security Law, CCPA, etc.
- Excellent verbal and written communication skills and experience presenting across the various levels within the business up to senior leadership.
- Ability to interact professionally with a diverse group and in a diverse set of regions: executive, managers, and subject matter experts, North America (NA), Asia-Pacific (APAC), and Europe and the Middle East (EMEA)
- Minimum 5 years of experience working in Information Security or general IT areas related to risk management, controls assurance, compliance programs, cybersecurity and information security regulations, industry standards, and internal policies frameworks.
- Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing is a plus
- Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
- Project management and reporting experience and the ability to operate in a deadline-oriented environment.
- Thrives working within a fast-paced environment
Education & Preferred Qualifications
- Bachelor’s degree and one or more of the following certifications is required:
Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or Certified Information Security Manager (CISM) preferred, or similar Information Security experience