Who we are looking for

The VP, Information Security Officer, provides cyber risk management advisory services across all lines of business within State Street. This role is responsible for working closely with the development teams and aligned cybersecurity peers in protecting digital assets, securing cloud resources, and assessing cyber risk across the organization, by identifying vulnerabilities and issues, providing technical guidance on secure development platforms, evaluating 3rd party cyber controls, designing threat models, and establishing strategic cyber risk prioritization.

The Information Security Officer will be a strategic change agent that, in addition to providing cyber advisory services, will also be a thought leader to protect the bank assisting global cybersecurity teams in establishing Artificial Intelligence use cases to improve accuracy, increase scalability, and reduce human error.

What you will be responsible for

• Cyber risk assessment at the application/platform/system levels to identify vulnerabilities and potential threats.
• Through collaboration, design appropriate end to end cyber remediation solutions that align to regulatory or industry standards to remediate risk.
• Design security capabilities within the development teams allow them to build scale across all scrum teams.
• Strong technical collaboration and cyber influence with application and platform owners.
• Provide expert guidance and recommendations to senior management on security matters, including risk mitigation solutions, new attack vectors and prevention, and metrics to identify areas of improvement in processes.
• Optimize ways to increase security and speed of deployment, while reducing friction within the development cycle.
• Collective design and optimize strong DevSecOps models.
• Evaluate third party software and services that strengthen cyber capabilities.
• Establish a targeted awareness campaign for developers that fosters a “security-first” culture, promotes collaboration, and encourages proactive ownership.
• Work directly with technology developers in an agile security lifecycle environment from requirements through deployment and response.

What we value

These skills will help you succeed in this role

• At least 7 years of progressive cybersecurity experience with 3+ years within financial services.
• 3+ years of operationally focused cybersecurity practitioner working with secure cloud technologies.
• 2+ years’ experience working with business leadership across enterprise projects.
• Strong analytical and problem-solving skills, excellent communication (written and verbal) and advisory skills, attention to detail, ability to work independently and in teams, adaptability, and ethical judgment.
• Strong technical expertise in at least two focus areas specifically in Multi-Cloud, AI, Software Supply Chain, and Quantum Computing.
• Fundamental understanding of data structures, algorithms, and secure coding practices.
• Strong working knowledge of secure architectural design principles such as defense in depth, simplification, and secure by design.
• Strong technical knowledge in network security, product security, and data protection.
• Strong understanding of encryption, tokenization, and hashing.
• Good working knowledge of agile methodology, procedures, and iterative decision making.
• Demonstrate strategic and tactical thinking, along with decision-making skills and business acumen.

Education & Preferred Qualifications

• Bachelor's Degree in Information Technology or related technical discipline
• Beneficial to have secure programming experience but not a necessity.
• At least one - Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified AI Security Fundamentals (CAISF), or Offensive Security Certified Professional (OSCP).
• AWS or Azure Cloud Security is preferable but not required.

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.