It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. SSC is embarking on a major technology transformation which includes significant transformation and technology modernization and adoption with migration to hybrid cloud premises as a primary goal. ETRM is responsible for risk leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, including security and resiliency.

Position Description

As a representative of the Enterprise Technology Risk Group you will have risk oversight responsibility to include State Street's emerging technology adoptions such as Blockchain, GenAI, cloud computing and cloud technology integrations. The position will also address operational focus area for the above including overall IT service management. You will be responsible for providing independent risk oversight, review and challenge on these technology adoptions and migrations.

This role may include oversight of, but not limited to:

• Review, challenge, advisement on technology programs and activities


• Identify, communicate and escalate all technology related risks


• Risk Oversight of new technology and advancements including Cloud, AI and Blockchain


• Oversight of existing technologies across the IT Taxonomy


• Liaison to appropriate First Line programs

• Oversight and assessment of design and operational effectiveness related to new technologies including cloud architectures, deployment strategies, security and operations


• Awareness of technology focused regulatory requirements and ability to apply to new and emerging technologies


• Review and Influence technology based policy, standards, procedures, guidelines, controls, control testing, risk metric development and measurement, and associated reporting


• Anticipate critical issues and risks; take responsibility for identifying or escalating key risks and impacts based on non-compliance with internal and external standards, assist first line with planning and executing additional compensating controls, and participate in various decision making forums on risk appetite setting and risk acceptance


• Develop and communicate comprehensive risk views of existing and emerging technology programs


• Advise first line on risks faced during large technology transformation efforts and data migration projects


• Factor the entire technology risk taxonomy into all assessments engaging with other area expertise and regional risk teams, to develop comprehensive risk view for reports and memos


• Work collaboratively with the First Line of Defense, as well as, with Audit and other ERM functions to integrate reviews, controls testing, or on ETRM recommendations


• Extract, analyze, synthesize, and report on information from various sources including Incident Management, Archer, change control, release plans, etc.


• Manage to the overall second line book of work and ensure tasks are completed by deadlines based on issue life cycle


• Develop presentations for various technology and risk committees to highlight ETRM findings and recommendations


• Deep dive technology risk assessments partnering with Global Technology Services (GTS) and track key risk indicators

• Technical knowledge and experience working within emerging technology areas and cloud environments supporting application and infrastructure resiliency


• Solid understanding of IT Service Management, CCM, COBIT and security standards such as NIST 800-53.


• Familiarity with Technology and Transformation Risk Frameworks including controls and control testing for Design and Operating effectiveness


• Familiarity with emerging technology such as Blockchain and AI


• Superior communication, interpersonal, negotiation, presentation and intergroup skills are critical


• Excellent management skills with the ability to implement and sustain governance to ensure all Policy, Appetite, Taxonomy, Procedures, Guidelines are being adhered to and escalation where there is any risk


• The ability to influence technology leaders about the need to embrace risk reduction initiatives and controls is key to success in this role


• Ability to understand State Street's critical business services and how they are delivered via the underlying system architecture


• An in-depth understanding of Technology Risk Management and it's alignment across SSCs three lines of defense


• Self-Starter, Navigating on your own

• 10+ years of experience in Financial, Consulting, or Technology Industries


• Experienced in complex interactive deployments to AWS, Azure, Oracle Cloud, and edge colocation facilities


• Strong knowledge in cloud based identity and access management strategies and deployments


• Experience with cloud automation and deployment tooling


• Experience in hybrid cloud and API security strategies


• Experience in data encryption and key management processes


• Knowledgeable in cloud based data repository design and migrations to cloud based storage environments


• Expertise with both private and public cloud environments and associated industry best practices


• Familiar with legacy database conversion to cloud native database options


• Knowledgeable in cloud native deployments, including microservices and containers


• Experience with Risk Management, Technology Audits, large scale technology infrastructures


• Project/Program Management experience with PMP certification preferred


• Strong critical thinking, problem solving, and decision making skills


• Bachelor's degree in Technology or related or related major, CISA, CRISC or other risk management professional certifications preferred


• Experience with Microsoft Tools/Data Analytics/Dashboards is a plus


• Travel less than 10%

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.