Third-party Resilience Lead VP

State Street Corporation
in Quincy, MA, United States
Permanent, Full time
Scope of Position
The Enterprise Continuity Services (ECS) Third-Party Resilience Lead reports to the Global Head of ECS and is responsible for ensuring the alignment of State Street's critical vendors/associated third parties to the corporate-wide operational resilience and business continuity programs. This position requires the knowledge and skillset to identify risks within the Third-Party Resilience program, drive remediation efforts accordingly, and monitor until completion.

The Third-Party Resilience Lead will serve as the key liaison between the ECS and Third-Party Risk Management (TPRM) teams, to ensure that business continuity/resilience due diligence is adequately addressed amongst State Street's most business-critical vendors. This role will provide vendor recovery risk oversight and subject matter expertise to ensure that State Street business lines and their vendors have a full understanding of State Street's vendor resilience program requirements. It will also oversee and provide input on vendor due diligence reviews, vendor recovery strategy, testing capabilities, and performance monitoring. Additionally, the Third-Party Resilience Lead will play a role in evaluating the cyber resilience and incident response plans of critical vendors.

As Third-Party Resilience is a new initiative within the firm, the Third-Party Resilience Lead will also play a key role in building the program and its associated frameworks, requirements, and program management.

Primary Responsibilities:
Program Management
  • Ensure that enterprise Business Continuity, operational resilience, and regulatory requirements are adequately addressed amongst State Street's most business-critical vendors
  • Develop and enhance Third-Party Resilience framework(s) to identify, measure, monitor, and mitigate business continuity risks associated with outsourcing onshore and offshore services
  • Consult with the Third-Party Risk Management (TPRM) team and key stakeholders across the Bank to prepare business units to respond and recover from critical third-party service disruptions
  • Support the business in the documentation of recovery plans and exit strategy (for both short-term and long-term outages), incident response plans, and cyber resilience plans for State Street's most critical vendors
  • Collaborate with other ECS team leads to ensure that third-party resilience is addressed and considered in the business service criticality evaluation process and associated frameworks
Risk Assessment
  • Provide input for the third-party resilience content of the Inherent Risk Questionnaire to effectively and accurately identify the inherent continuity risks associated with outsourcing products and services, and validate that vendors are completing this documentation appropriately
  • Partner with Third-Party Risk Management (TPRM) to develop procedures to assess concentration risk measurement for critical service providers, highlight risk areas to the Bank, potential mitigation actions, and risk acceptance as necessary
  • Evaluate third-party cyber resilience activities including malware, ransomware, network connectivity, insider threats, and cyber incident response planning
Third-Party Contracting
  • Work closely with pertinent parties to ensure that resilience requirements are incorporated into the contractual process for firm critical vendors
  • Consult with State Street legal and business owners to establish and maintain Business Continuity/Disaster Recovery contractual language, and develop a checklist to verify these provisions in new and existing contracts, master service agreements, amendments, work orders, etc.
  • Appropriately escalate issues found where necessary contractual provisions are not present in existing contracts with vendors, and develop action plans to either remediate or formally accept the identified risks
Ongoing Due Diligence
  • Oversee the annual reassessment of critical vendors and their control environment(s) to determine if the inherent continuity risks for the products and/or services being provided have changed
  • Contribute the business continuity content within the Inherent Risk/Due Diligence Questionnaires to efficiently, accurately, and consistently evaluate the vendor controls against enterprise-wide standards, and validate availability of documentation to support vendor responses
  • Identify any known issues or weaknesses in the vendor's third-party resilience capabilities and escalate them as appropriate
Third-Party Testing
  • Develop third-party resilience testing scenarios that address potential disruptions of State Street business lines, third parties, or a combination of the two
  • Assess critical vendor resilience testing results, validate that results are adequate, and that applicable artifacts were collected as part of the due diligence processes
  • Develop templates and formats to effectively capture resilience testing results for State Street outage scenarios, vendor specific outage scenarios, and complex outage scenarios involving both parties and/or their dependencies
Performance Monitoring
  • Effectively monitor the performance of third-party service providers throughout the lifecycle of the business relationship, including activities such as identifying performance inconsistencies, review of incidents impacting operational capabilities, remedial actions taken by service providers (if applicable), and obtaining documentation that supports key actions taken
  • Collaborate with the appropriate parties to incorporate incident management and response content into performance monitoring activities, and remediate identified gaps in performance monitoring activities for critical service providers

  • 5+ years Third-party Risk Management and/or Business Continuity experience required
  • 5+ years related industry experience a plus
  • Professional Third-party/Business Continuity certification preferred
  • Familiarity and understanding of FFIEC Appendix J - Strengthening the Resilience of Outsourced Technology Services
  • Project Management, analysis and reporting experience beneficial
  • People management and oversight skills required
  • Third-party risk management and disaster recovery experience in a financial services industry
  • Knowledge of Procurement or Contracts Management is a plus
  • Strong written, verbal communication and presentation skills
  • Strong organizational skills and the ability to multi-task, drive results, and meet deadlines
  • Excellent Excel, PowerPoint and SharePoint skills required

Company Overview

From technology and product innovation to corporate responsibility and community development, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people - strengthening markets, building communities and creating opportunities for growth.

We owe that longevity to the commitment, expertise and creativity of our employees. Our continued success depends on our ability to attract and develop the best talent in the industry. That's why we're keenly focused on employee development, corporate citizenship and inclusion.

For us, success comes in the mark we make as an organization - for the industry, our clients, our communities and each other.