Full-time
VP - Enterprise Technology Risk Management - State Street - North Quincy, MA

VP – Enterprise Technology Risk Manager

The Enterprise Risk Management (ERM) department at State Street is responsible for the identification, analysis, measurement, reporting and management of risk at both the corporate-level and in partnership with the business units in support of their activities. Enterprise Technology Risk Management is a function in the ERM group.
In this role, you will be acting as a trusted and influential advisor to State Street’s Enterprise IT business for all technology risks. Enterprise IT at State Street is responsible overall for State Street’s technology infrastructure, applications and systems.

As a seasoned technology and risk leader, you will have the opportunity to enhance the program and establish jointly with Enterprise IT, business and ERM peers the right set of strategy, framework, processes and business “C” level engagement. You will have the chance to help evolve the company technology risk posture and maturity. The position is based in the Boston area, with limited domestic and international travel expected. It will report to the SVP, Chief Technology Risk Officer (CTRO) and head of Enterprise Risk Management Program (ETRM).

General Roles and Responsibilities:
Your mission is to act as the Enterprise Risk Management thought leader and owner of technology risk appetite framework, inherent risk and residual risk methodology, risk appetite and tolerance limit strategy at the top of the house as well as develop the sub-allocation strategy of risk appetite and limits to individual initiatives and programs. Responsible for developing and implementing a comprehensive Enterprise risk appetite framework that includes the oversight and execution of the program, the output of which is shared with the firm’s board of directors. Additionally, as part of the leadership team of Enterprise Risk Management you will act as the trusted advisor to the Enterprise IT Business Unit and First Line of Defense (FLOD) control function on matters relating to the IT risk posture of State Street. More specifically, you will be:
- participating in various decision making forums on risk appetite setting and risk acceptance
- driving adoption of the risk appetite framework globally within the firm
- identifying areas of improved communication and driving use and continuous improvement

Develop and communicate risk management policies, guidelines and standards across the business ensuring security and technology risks are identified and managed effectively. Overall management expectations are to provide strategic leadership, vision and on-going support to the business leaders, First line of Defense (FLoD) and IT leaders regarding information technology and security best practices and trends.

Thought Leadership and Strategy Development:
- Define and develop the strategy for technology risk appetite, tolerance and limits on Enterprise level.
- Leverage existing work done to date where firm wide technology risk is broken down into risk category swim lanes – Cyber and Information Security, Asset Management, Technology Obsolescence, Change Management, Business Disruption and Technology Resiliency, and Vendor Management.
- Ensure framework is flexible to be catered for the following audiences:
  - The firm’s board of directors to enable them to have a rational risk dialogue and be able to clearly establish limits,
  - For Technology and Operational risk committee (TORC), Technology Risk Management Governance (TRG) committee and management to allow them to provide governance and oversight
  - For business leaders to help them determine the level of residual risk,
  - For risk reduction program owners to allow them to determine level of risk reduction their program is achieving,
  - For swim lane owners to allow them to aggregate risk to the swim lane level and similar other owners
- Regulators are interested in having transparency of the risk at the legal entity level. Develop a solution that allows top of the house risk to be categorized by legal entities, regions and countries rationally and ensuring the sum of the parts aligns with board level established limits
- Think about and define solutions for cross domain risks, risk reduction programs that reduce risk in more than one swim lane

Governance and Oversight:
- Drive adoption and instrumentation of the IT environment to enable accurate and timely data feeds to drive reporting
- Define the look and feel and content for reports, dashboard and monthly risk opinion
- Account for judgement communicate effectively independent evaluation of IT risk posture.
- Differentiate between change the bank vs. manage the bank risks
- Present the risk appetite dashboard, risk opinion and relevant metrics at the appropriate committees, articulate and defend the measures
- Push for, drive and escalate as necessary when limits are breached or risk posture deteriorates
- Review and challenge risk reduction estimates provided by IT First Line of Defense, residual risk scores or risk criticality
- As a member of ETRM leadership team participate and provide judgement/input into overall ETRM processes, actions and decisions
- Review and appropriately challenge technology risk decisions, direction, and initiatives undertaken by the FloD, IT or business, providing an independent voice to the risk management process

Monitoring, Analysis, Reporting and Escalation:
- Assist business lines in implementing effective technology risk management best practices by developing and establishing continuous risk identification, measurement, management, control and reporting
- Provides ongoing assessment of the Technology Risk Profile through regular status reporting of risk issues and initiatives
- Develop effective Technology risk reporting and other communication channels to ensure timely escalation of significant risk issues.
- Serves as liaison with other Risk disciplines, internal departments, Regulators and other external parties.

Education and Training:
- Conduct and/or coordinate periodic Technology risk management training, provide ongoing guidance and direction regarding the development and implementation of Technology Risk Management plans and objectives and promote a risk aware culture throughout the organization
- Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices

Candidate Must Haves:
The ability to influence senior business leaders about the need to embrace new risk initiatives and controls is key to success in this role. This is to be achieved by providing transparency and clarity around risks, risk limits, and their calculations and understanding:
- This position requires interacting with “C” level suite, so superior communication, interpersonal, negotiation, presentation and intergroup skills are critical for success
- Very strong thought leadership, technical depth across a wide variety of disciplines in IT is a must
- Ability to translate technical issues into risk terms that business can understand is absolutely necessary
- Experience rolling out a technology risk program either as a First Line of Defense (FloD) or Second Line of Defense (SLoD) necessary to provide appropriate guidance and advice to IT and FLoD
- Thought leadership around technology risks a must
- Ability to be a strong voice for review and challenge while continuing to maintain positive relationships with business stakeholders

Other Qualifications:
- Minimum 15+ years of experience in the financial, consulting or technology industries
- Experience managing a global team of risk professionals
- Consulting Experience from a top tier consulting firm specifically around helping firms develop risk frameworks and driving adoption is highly preferred
- Graduate or higher degree in technology or management preferred
