State Street
Who we are looking for
A Business Information Security Officer (BISO) who will be an integral part of a team responsible for ensuring the security of the business and functional teams in line with the company security policy and risk tolerance.
Other key relationships:
Business Information Security Officers (BISO)
BISO Leaders
Business and Functional Technical Leaders
Cyber Transformation Office
Collaboration with 3LOD – Business, Compliance, Risk Management, Corporate Audit
Regional CISOs
What you will be responsible for
Consistently and effectively engage with Technology and Business leadership to embed security into their strategic and tactical plans
Champion the Information Security mandates acting as a liaison between Global Cybersecurity (GSC) and the business units (BU)
Actively promote and deliver on the BISO program and its mission
Ability to operate autonomously with minimal directions or instructions to fully partner and to support responsible BUs
Being a Trusted Cybersecurity Risk Adviser to the BU leadership team in all technical & cyber risk matters
Positioning security within the business with the ability to communicate in non-technical terminology
Create ambassadorship programs down in the business to ensure security is a partnership
Assist in the development and successful outcomes of Security KPI/KRI that drive control effectiveness
Report security performance and create visibility through effective metrics and reporting
Directly support technical security assessments & recommend remediation plans for the partnering BUs
Participate in Information Security and 3rd Party Risk Management (TPRM) assessment for assigned BUs
An ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner to all levels of target audience from executives to technical staff
Delivery of effective security outcomes that drive improvements of security within the business
Participate actively in decision making with management and seek to understand the broader impact of current decisions
Create and deliver effective presentations as a means for communicating project and deliverable progress at all levels of target audience.
Build and nurture positive working relationships with BUs with the intention to exceed expectations
Work cross-functionally with team members to support and enhance collaborative environment
Manage the trade-offs required to manage the various levels of risk tolerance and risk exposure across the organization and balance this with risk investments
Partner with BU Leadership to identify, evaluate, and address cyber security risks
Ensures and monitors security compliance with industry and government rules and regulations
Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks
Promote information security awareness program to ensure staff members across the organization understand the trade-off between risk and return
Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns by end users so that policy can align with need.
Stay up to date on present and emerging security trends, technology, & threats.
Manage and mentor a small team with different skill levels
What we value
These skills will help you succeed in this role:
Driving results
Analytical & Strategic Thinking
Collaborating & Influencing
Senior Executive communication
Ability to give presentations at all levels and diverse audiences
Experience managing small but technical staff
S.M.A.R.T. goals that symbolize success of Security adoption within the BUs
Project Management experience leading small and medium sized teams to successful completion
Modern technology understanding, experience developing and implementing innovative techniques and solutions to deliver cost-efficient and secure solutions
Self-starter with attention to detail that believes in continuous learning and continuous improvement in all areas
Hands-on experience or working knowledge in multiple technical & security domains: Threat modeling, Cloud security, Artificial Intelligence, Automation, IAM, firewall, network, secure solution design, VPN, encryption, vulnerability & code review, Windows/Unix/Linux server security, SSO, MFA, industry security framework & standards, various protocols (e.g., TCP/IP, UDP, MPLS, SSL/TLS, SSH, HTTPS, FTP, RDP, ICA, BGP, LDAP, etc.)
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Strong relationship building skills focused on shared decision making and accountabilities.
An ability to effectively influence others to modify their opinions, plans, or behaviors
Ability to react to high-pressure, dynamically changing environments
Education & Preferred Qualifications
8-12 years of experience in information security (cybersecurity) and related information technology experience required
Bachelor’s degree in a technical field (e.g., Computer Science, Engineering, IT, etc.)
Required: CISSP
Preferred: Cloud Security, AI, CRISC, CISM, CISA or similar certifications
Highly regulated environment experience, preferably financial services
Additional requirements
Travel up to 10% may be required.
Salary Range:
$130,000 - $212,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.