WHO WE ARE LOOKING FOR

State Street’s Global Cyber Security (GCS) Third Party Cyber Risk Management (TPCRM) program seeks to mitigate a variety of third-party information security risk in accordance with the Bank’s cyber risk appetite. Through a framework that addresses policy, process, operations, people, and technology, GCS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable global regulations and laws.
State Street’s TPCRM organization is seeking a Senior Analyst (Individual Contributor) in the area of Cyber Security for the Third-Party Cyber Security Assessments team. The role activities include assessing, verifying, and reporting on the effectiveness of information/cyber security related safeguards of a third party’s corporate information security program.

EDUCATION & PREFERRED QUALIFICATIONS

• Bachelor’s and/or Master’s degree in Cybersecurity, Law, Privacy, Enterprise or Operational Risk Management preferred.
• Demonstrated critical thinking and analytical skills. Ability to unwind complex cyber/information security issues for a variety of technical and non-technical audiences.
• Strong understanding of information security domains and possesses a well-rounded security and risk management background.

ARE YOU THE RIGHT CANDIDATE? YES!

We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don’t necessarily need you to fulfill all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

WHAT YOU WILL BE RESPONSIBLE FOR

• To thoroughly perform cyber/information security assessments of third-party service providers’ enterprise using State Street’s risk management framework and cybersecurity assessment methods for vendors of varying sizes and complexities.
• Review/analyze third party attestation and certification artifacts (SOC2, SIG, NIST, ISO 27001/2 Certifications, etc.) shared by third parties to identify the information security risks.
• Document assessment results consistent with State Street’s TPCRM, Issue Management and Enterprise Risk Management standards.
• Provide subject matter expertise in the Third-Party information security program and provide timely recommendations to identified problems.

WHY THIS ROLE IS IMPORTANT TO US

Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We’re driving the company’s digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.
We offer a collaborative environment where technology skills and innovation are valued in a global organization. We’re looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.
Join us if you want to grow your technical skills, solve real problems and make your mark on our industry.

These skills will help you succeed in this role:

• 5+ years of experience working in Cyber/Information Security Governance Risk and Compliance role.
• 3+ years of experience performing Third Party Cyber/Information Security Assessment or Cyber Security Assessments.
• Knowledge of security and risk management frameworks as well as regulations such as ISO 27001/27002, NIST, FRB/OCC Third Party Risk Management Guidelines, FFIEC Security Handbook, GDPR, DORA, etc.
• Superior attention to detail with excellent written and both verbal communication and presentation skills.
• Expertise in writing technical and risk management reports