الوصف الوظيفي
Job DescriptionWho we areIt is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. ETRM in its capacity as Second Line of Defense (SLOD) is responsible for leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, security, and resiliencyWho we are looking forAs a representative of the ETRM group, you will be amid State Street’s multi-year technology transformation journey and regulatory requirements and responsible for providing independent risk oversight, review and challenge on technology risk assurance programs of various Business Units within State Street. The candidate will closely work with the global ETRM team and other cross functional teams such as First Line of Defense (FLoD), Technology divisions (Global Technology Services - GTS, Global Cybersecurity Services - GCS etc.) and Third Line of Defense (TLoD)What you will be responsible forAs an AVP, Technology Risk Consultant – ETRM, you will be responsible for providing risk oversight support on below areas:Perform Technology Risk Assessments related to Cyber and Information Security, Technology Change Management, Third Party Risk Management, Asset Management, Incident Management and Technology Resiliency etc.Review and appropriately challenge technology risk decisions, direction, and initiatives executed by Information Security, IT or business, and providing an independent voice to the risk management processEvaluate Information and IT Security risks arising from control inefficiencies or lack thereof in various Business UnitsEstablish and maintain relationships with all business stakeholders and technical teams to ensure alignment between ETRM strategy, business requirements, and development activitiesProvide direction, support and oversight with respect to management of security and technology risks of core technology systems and the design of key controlsCollaborate with technology teams across the FLOD for them to develop strong remediation plansDeliver assigned projects independently on time, with limited support from managementDevelop presentations for risk committees to highlight ETRM findings and recommendationsTeam Management Work with, leverage, and mentor other team members to maximize impact and throughputLive and define a culture, value and practice leadership principlesAttract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of othersWhat we valueEffective communication, analytical, and project management skillsAbility to multitask and navigate competing prioritiesInitiative-taker, Navigating on your ownAbility to effectively develop and manage relationships across core stakeholder groupsMust be able to work during US and India time zones with an overlap of at least 4 hoursPrimary Skills (Must Have)Experience in IT related audits, Information Technology General Controls (ITGC), Risk and Control Self Assessments (RCSA) to evaluate application development and maintenance controls, change management controls and cybersecurity controls etc.Good understanding of state of the art IT & Cyber Security products, services and technologiesFamiliarity in Information Security Frameworks including the ISO 27000 family, NIST, Cloud CCMKnowledge of domains under ITIL (Information Technology Infrastructure Library) PracticesTechnology Management (Software Development and Management, Infrastructure and Platform Management)Service Management (Availability Management, Capacity and Performance Management, Change Management, Incident Management, IT Asset Management etc.)A strong understanding of Technology Risk Management to influence leaders on the need to embrace risk reduction initiatives and controlsAbility to translate technical issues into risk terms that business can understand is absolutely necessaryExcellent communication, interpersonal, presentation and intergroup skillsProficient in Excel, Word, Flowcharting, PowerPoint etc.Education & Preferred QualificationsGraduate in Computer Engineering (preferably BE / B TECH / MCA)Minimum 14+ years of experience in information technology with 6-10 years of relevant experience in Technology Risk Assurance function - IT Risk Management/Transformation, Operational Resilience and Third-Party Risk ManagementStrong project management abilities, critical thinking, problem solving, and decision-making skillsKnowledge and experience of Emerging Technologies, FinTech and Cloud services is a plusExperience with Microsoft Tools/Data Analytics/GRC tools is a plusProfessional certifications such as CGEIT, CISA, CISM, CISSP, CCSP, COBIT, CRISC and ITIL are a plusState Street's Speak Up Line
