Senior Information Security Officer, Vice President
- Location: London, England, United Kingdom
- Salary: Market Rate
- Job Type: Full time
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
Our promise to maintain an environment where every employee feels valued and able to meet their full potential infuses our company values. It’s also part of our commitment to inclusion, development and engagement, and corporate social responsibility. You’ll have tools to help balance your professional and personal life, paid volunteer days, and access to employee networks that help you stay connected to what matters to you. Join us.
Purpose of Role:
A fundamental principle of the Information Security Officer Program is ensuring that all people, processes and technologies comply with CIS Controls. Senior Information Security Officers, Information Security Officers and Information Security Administrators, supporting business unit Senior Management, are tasked with monitoring compliance with these Controls. Senior Information Security Officers, Information Security Officers and Information Security Administrators are critical to a business unit's enhanced security posture.
Regular interaction with Business Heads, Business and Functional Senior Management and other Control functions.
Major Responsibilities:
The Senior Information Security Officer (Sr. ISO) will drive compliance with CIS security controls in our business units. Applicants must have previous experience in successfully acting as a trusted and influential information security advisor to senior-level business management in a large organization. The Senior ISO will be responsible for monitoring compliance throughout their assigned business area by engaging in the following:
- Successfully position themselves as a trusted advisor sought out by senior business line management for advice and guidance on security issues
- Develop and maintain a strong understanding of the business processes and technologies used in the business line, and the information security controls that must be applied to these processes and technologies
- Manage information security compliance assessment and remediation of identified business control failures
- Create and/or participate in processes (such as SDLC tollgate meetings and strategic business planning sessions) to ensure that potential security risks associated with new and existing business processes and IT applications are identified and addressed
- Help CIS understand the potential business impacts of proposed new controls, and of potential security risks from new business initiatives
- Actively help business unit management evaluate and mitigate risks associated with third party vendors, as part of State Street’s broader third party risk program
- Act as a knowledge bridge between the business line and Corporate Information Security (CIS) during monthly reviews of information security controls
- Develop and maintain among all levels of business line staff a high level of awareness about security issues and control objectives
- Partner with CIS to develop and deliver actionable security reporting
- Attend and actively participate in recurring meetings of State Street’s global Information Security Officer network
- Oversee the work of the business unit Information Security resources (Information Security Officers and Administrators)
- Participate in security incident response program representing the business area to detect and to respond to incidents in a timely manner
- Ensure management attention to CIS Vendor Risk assessment deliverables
- Demonstrate a commitment to information security by obtaining additional training and staying current with information security technologies and practices.
- Review and approve non-standard access for high risk access (e.g. blocked web sites, mass storage, application access, non-standard device and non-expiring passwords, process and system IDs)
The ability to influence senior business leaders about the need to embrace new security initiatives and controls is key to success in this role. When and if necessary, the Senior ISO will also participate in State Street’s incident management process as an information security subject matter expert and will, on occasion, meet with clients to discuss State Street’s information security program and capabilities. The Sr. ISO must possess the following skills/experience:
- Display a culture of individual ownership of tasks to embed a clear individual sense of accountability in performing the role
- Ensure that the highest level of the Code of Conduct is displayed in your behaviour
- Provide appropriate management information as required to support business unit decision making
- Support the ‘Risk Excellence’ culture within the business
- Adhere to limits of delegation and escalation procedures required by your manager so that you comply with internal policies and external regulations
Level of Education
- Strong information security program management/leadership experience
- Business concepts including financial, business requirements, compliance and risk management
- Financial services experience a plus
- Ability to courageously influence colleagues at levels
- Strong written and oral communication skills
- Strong presentation skills
Professional organisation membership / certification
- CISA, CISM, CISSP or similar certification required or an agreed upon plan to achieve this certification within 1 year of hire