Enterprise Technology Risk Management, Cloud Service Specialist (CSS), AVP Enterprise Technology Risk Management, Cloud  …

State Street Corporation
in Quincy, MA, United States
Permanent, Full time
Be the first to apply
Competitive
State Street Corporation
in Quincy, MA, United States
Permanent, Full time
Be the first to apply
Competitive
State Street Corporation
Enterprise Technology Risk Management, Cloud Service Specialist (CSS), AVP
Enterprise Technology Risk Management, Cloud Service Specialist (CSS), AVP
It is an exciting time to join State Street Corporation (SSC) in the Enterprise Risk Management (ERM) organization as member of the Enterprise Technology Risk Management (ETRM) team. State Street is the industry leader in investment management, research & trading and servicing. ETRM is responsible for oversight, monitoring, and advisement around the management of IT risks across the State Street enterprise.
The Second Line of Defense Enterprise Technology Risk Management Team is seeking a candidate to review and assess the implementation and of Cloud Service integration for Cyber, Information Technology, operational and Resiliency risks. The candidate will closely work with team across multiple Risk, Control and Technology divisions and report into a senior Enterprise Technology Risk Manager.
General Roles and Responsibilities
The CSS will be responsible for engaging with the business to evaluate cloud based solutions and actively influence the technology service business units to drive risk down using industry best practice. This role is in direct support of a senior Enterprise Technology Risk Manager and as such will be responsible for contributing to, assessing, measuring and reporting on strategic cloud service programs. The candidate must be able to compile information and prepare reports based on both manual and automated sources, and align to applicable service strategies and established processes.
This role will work with Application Developers, Systems Engineers, and Executives to ensure mitigation of risks identified in cloud based solutions. Candidate will assist in the evaluation, research and development of IT cloud service risk assessments, security tools and implementation plans. Further, the CSS will assess operational and information security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture. This will require practical use and understanding of advanced Cloud Services and associated security standards, and solid knowledge of general controls principles and practices as well as latest scalable technologies (hard and soft).
  • Establish and maintain relationships with respective risk management and technical teams
  • Challenge the strategy, service design, operating model and service execution Cloud Services at State Street
  • Plan, conduct Targeted Technology Risk Assessments to Identify opportunities for improvement and prepare conclusions how to advise the operational team in the First Line of Defense (FLoD), including
    • Assessment of processes and procedures for public cloud integration
    • Analyzing the service and security requirements for public cloud implementation and integration
    • Evaluation of technological solutions dedicated to the data protection in cloud
    • Evaluation of the integration and configuration of Security as a Service
  • Provide subject matter expertise in the application of a robust control environment
  • Advise on the development and execution of an IT control assurance framework within the FLoD
  • Enable the Risk Management team to partner with the FLoD to drive issue resolution to mitigate technology risks
  • Obtain data and inputs for Technology Risk management reports for senior management and Risk Committees
  • Contribute to the continued development of risk excellence culture within State Street

Qualification:
The ideal candidate must possess the following:
  • BA/BS or equivalent experience required
  • Three (3) years of Experience in public cloud environment (Azure, AWS, Google Cloud, or Oracle Cloud) with preferred certification of AWS Cloud Practitioner, Solution Architect or SysOps Administrator or equivalents certification for other cloud providers.
  • Two (2) years of practical cloud information security experience including , preferred certification of AWS Security
  • Assess processes and procedures for public cloud integration
  • Analyze security requirements for public cloud implementation and integration
  • Evaluate effectiveness of technological solutions dedicated to the data protection in cloud
  • Evaluate the integration and configuration of Security as a Service
  • IT related internal audit, compliance, or risk management experience preferred (CISA and/or CRISC professional certifications)
  • Familiarity in Information Security Frameworks including the ISO 2700 family and NIST
  • Exceptional communication, analytical, and project management
  • Proficient in Microsoft Access, Excel, and working knowledge in SharePoint
  • Ability to multitask and navigate competing priorities
Company Overview

From technology and product innovation to corporate responsibility and community development, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people - strengthening markets, building communities and creating opportunities for growth.

We owe that longevity to the commitment, expertise and creativity of our employees. Our continued success depends on our ability to attract and develop the best talent in the industry. That's why we're keenly focused on employee development, corporate citizenship and inclusion.

For us, success comes in the mark we make as an organization - for the industry, our clients, our communities and each other.

Close
Loading...