Cyber GRC Leader - SVP
State Street seeks to recruit a Cyber Governance, Risk & Compliance (GRC) leader to enable the transformation to a business-enabling governance, risk and compliance team that drives towards clear, informed, risk-based decisions by the business and a trust center model to facilitate transparency and customer trust, while still meeting stringent regulatory requirements to protect State Street, its customers, partners and employees.
This candidate should be a proven global GRC leader who has experience in delivering outcomes with operational excellence and a focus on the customer and business needs. The candidate should have experience in large-scale cyber transformations, as well as company digital transformations. Talent acquisition and development are a critical component to ensure the success of this organization, and therefore this leader should be a teacher and mentor with experience in identifying, creating and retaining high-potential and high-performance teams.
This leader will have a broad range of responsibilities within the cyber team and will be responsible for the strategy and implementation of the new GRC function. Specifically, this leader will have responsibility for Cyber GRC and the key underlying capabilities, including but not limited to:
- Participate as a member of the security leadership team in establishing the strategy, direction and controls to ensure that objectives are achieved, risks are managed appropriately and the organization's resources are used responsibly.
- Provide security thought leadership across the organization.
- Develop and implement risk management assessments and strategies in collaboration with Enterprise Technology Risk Management
- Direct all security compliance programs across the organization, and partner with Business Controls function
- Develop and manage security policies, procedures, controls, recommendations and standards to ensure compliance with applicable security laws, regulations, and privacy legislation as appropriate
- Alignment with the rest of the GTS and business functions
EVP & CISO
Other key relationships:
- SVP - Cyber Architecture and Engineering
- SVP - Cyber Fusion
- GTS CTO & CTO organization
- Collaboration with 3LOD - Compliance, Risk Management, Corporate Audit
- Drive the cyber GRC strategy for State Street to create an industry leading capability to appropriately govern and manage cyber risk
- Translate the GRC strategy into an executable, time-bound roadmap for delivery and define the appropriate organization design and interaction points with other functions
- Collaborate with Cyber Architecture and Engineering to ensure the appropriate standards are available to support the corporate policies
- Build out and retain critical cyber talent, along with the necessary supporting pipeline
- Ensure existing obligations to the business and regulators are met within the specified timelines
- Create visibility through effective metrics and reporting
- Manage and make appropriate changes to the product assurance (secure development lifecycle (SDL)) and ensure the program is implemented enterprise wide to support application/product assurance
- Influence and work with all Lines of Business for the Product Assurance and GRC functions.
- Provide feedback and thought leadership to SSTB program across the organization
- Delivery of a cyber GRC function that enables State Street to have a world-class capability to effectively address the increasingly complex and rapidly evolving security needs of the Bank
- Delivery of integrated capabilities across various sub-disciplines within the GRC organization, Cyber, and Global Technology Services
- Strong partnership with 3 lines of defense
- Integrated & optimized governance program that works collaboratively with Lines of Business to ensure secure solutions and delivery
- Formation of Trust Center model to enable strong customer trust
- Build a team across the appropriate security domains with a deep bench of talent, succession plans, and a cohesive culture of operational excellence, accountability and a passion for learning.
Critical Leadership Capabilities
- 15+ years of managerial experience in information security, a security related field or other complex information risk management function
- Cyber related Governance, Risk & Compliance experience to cover both IT and Product (customer delivery)
- Has led teams in excess of 200 - FTE and contractors/outsourcers
- Experience operating in regulated environment
- Bachelor's degree in a technical field
- Driving results
- Strategic Thinking
- Collaborating & Influencing