Information Security Project Director/Analyst , Vice President
The role entails the oversight, direction setting, and management of key components of State Street's overall Information Security Program. Specific duties involve the definition, deployment, and ongoing management of strategic initiatives related to Data Classification, Data Loss Prevention (DLP), User Behavior Analytics (UBA), and Insider Threat detection. Working in a cross discipline environment, the role requires the coordination and motivation of multiple technical and business disciplines to advance our ability to monitor, manage, and mitigate risks associated with unauthorized data disclosure.
- Support Corporate Information Security (CIS) objectives to expand and further automate the identification, mitigation, and management of tools and capabilities related to Data Loss Prev.
- Propose changes to the Information Security Controls as appropriate.
- Provide guidance and assistance in identifying roles and responsibilities related to the ongoing management and support of assigned programs.
- Analyze CIS' processes and tools used in the monitoring of the State Street Information Security environment.
- Provide close cooperation with other team members throughout the corporation ensuring consistent application of policy across platforms and channels.
- Work closely with business partners and data governance teams to identify critical data assets requiring protection and key business process driving data in motion, in use and at rest.
- Assist and contribute to additional projects and deliverables related to regulatory and audit requests as they pertain to Corporate Information Security as requested.
- Ensure that the program(s) address all corporate requirements by collaborating with IT Risk and Compliance, Enterprise Risk Management, Corporate Compliance, Legal, Regulatory Affairs, Corporate Audit, and others, as appropriate.
- Assist with the establishment of key metrics and supporting tracking procedures and reporting framework to support continued effectiveness for each program.
- Maintain ongoing and current knowledge of evolving cybersecurity and privacy legislations ensuring program compliance.
- Assist in the creation of standards and processes required to meet regulatory and legislative requirements.
- Merge DLP technology with business to provide business context per security service * policy
- Former experience in information security and related technologies preferred.
- Former implementation and deployment experience of security tools preferred.
- Extensive knowledge of data loss prevention technologies across all infrastructure components
- Experience in multiple platform implementation including endpoint, mobile, network, cloud and mail infrastructure preferred
- Identify Business requirements and liaison with IT for solution design
- Documentation of business cases, requirements, use cases, test cases
- Prior experience managing large and complex technology implementation.
- Excellent understanding and working knowledge of current data protection, information security and cyber security legislation, practices & techniques;
- In depth knowledge of the financial services industry, and the regulatory environment within which State Street operates. Minimum 5 years' experience.
- Strong problem solver.
- Working with abstract concepts and defining real world tenable solutions to complex problems in a timely manner
- Very strong relationship management skills with demonstrated ability to work across business line and technology teams. Strong communication, influening, and collaboration skills.
- Excellent verbal, written, interpersonal and organizational skills to facilitate interoperability and integration efforts across multiple Business Units.
- Project management experience and the ability to operate in a deadline-oriented environment, prioritize tasks, and be a team player.
- Self-sufficient way of working, hands-on mentality, very good analytical capabilities with diligent work attitude.
- Professional demeanor and ability to interact with clients, management and peers.
Bachelor's degree (B.A. or B.S.) in computer science or related field involving information
security and computer architecture
5+ years security, computer architecture and information technology
Industry certification such as, CISSP, CCSE, VCP, CCDA, CCNA, Server+ or certifications from Red Hat or Microsoft desirable
Familiarity with Security Control organizations such as NIST, CSA, CIS, ISO, FFIEC, etc.