Who we are looking for:
State Street’s Global CyberSecurity (GCS) group plays a key role in the bank’s enterprise third party/vendor risk management function. Senior Technology Risk Analyst is experienced third party risk analyst tasked with conducting information security risk assessments of critical State Street suppliers.

Responsibilities:

• Collaborate with supplier relationship managers to help document the inherent risks in certain third party relationship and the controls in place to ensure a secure and compliant engagement

• Be responsible for reviewing security controls and/or regulatory compliance measures present at high and critical-rated Third Party Providers utilized by State Street

• Develop reports to help GCS management business line management and other risk-related stakeholders understand the status of ongoing assessments the actions required to remediate risks and the risk posture of certain business units as it relates to vendors

• Collaborate with State Street’s Legal and Procurement groups to ensure that contracts with third parties reflect an appropriate level of control for IT/security risks.

Qualifications:

In this role the analyst must be capable of influencing courageously at all levels of the organization to ensure that third party relationships strike an effective balance between business and security requirements.

• 3 to 6 years of prior IT Audit or Information Security experience particularly in a role related to third party risk assessment

• Familiarity in reviewing SSAE16 and other independent reports and a strong knowledge of applicable federal and state privacy/security laws and accreditation standards

• Proven ability to translate complex regulations (ISO SOX NIST UK PRA EU Data Directive HIPAA and PCI etc) into clear easily understood action plans

• Effective written and oral communication skills

• Strong negotiation skills

• Ability to train others in security concepts

• Ability to synthesize data about to information risks to identify hidden trends and themes and to communicate this information to internal stakeholders

• Industry certification a plus (CISSP CISA or CISM etc)

• Bachelor’s or master’s degree in computer science management information systems business administration or related discipline would be a plus

What We Offer:

• Employee savings plan;

• Premium life insurance package;

• VIP medical package;

• Multisport card/cinema tickets / money transfer

• International operating environment;

• Language classes;

• Soft skills trainings;

• Technical workshops