Third Party Cyber Risk Management Security Analyst

Company: STATE STREET CORPORATION
Location: Boston
Posted on: March 28, 2025

Job Description:

Who we are looking forState Street's Global Cyber Security (GCS) Third Party Cyber Risk Management (TPCRM) program seeks to mitigate a variety of third-party information security risk in accordance with the Bank's cyber risk appetite. Through a framework that addresses policy, process, operations, people, and technology, GCS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable global regulations and laws.State Street's TPCRM organization is seeking a Senior Analyst (Individual Contributor) in the area of Cyber Security for the Third-Party Cyber Security Assessments team. The role activities include assessing, verifying, and reporting on the effectiveness of information/cyber security related safeguards of a third party's corporate information security program.What you will be responsible for

• To thoroughly perform cyber/information security assessments of third-party service providers' enterprise using State Street's risk management framework and cybersecurity assessment methods for vendors of varying sizes and complexities.
• Review/analyze third party attestation and certification artifacts (SOC2, SIG, NIST, ISO 27001/2 Certifications, etc.) shared by third parties to identify the information security risks.
• Document assessment results consistent with State Street's TPCRM, Issue Management and Enterprise Risk Management standards.
• Provide subject matter expertise in the Third-Party information security program and provide timely recommendations to identified problems.What we valueThese skills will help you succeed in this role:
  • 5+ years of experience working in Cyber/Information Security Governance Risk and Compliance role.
  • 3+ years of experience performing Third Party Cyber/Information Security Assessment or Cyber Security Assessments.
  • Knowledge of security and risk management frameworks as well as and regulations such as ISO 27001/27002, NIST, FRB/OCC Third Party Risk Management Guidelines, FFIEC Security Handbook, GDPR, DORA, etc.
  • Superior attention to detail with excellent written and both verbal communication and presentation skills.
  • Expertise in writing technical and risk management reports.Education & Preferred Qualifications
    • Bachelor's and/or Master's degree in Cybersecurity, Law, Privacy, Enterprise or Operational Risk Management preferred.
    • Demonstrated critical thinking and analytical skills. Ability to unwind complex cyber/information security issues for a variety of technical and non-technical audiences.
    • Strong understanding of information security domains and possesses a well-rounded security and risk management background.Are you the right candidate? Yes!We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don't necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.Why this role is important to usOur technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We're driving the company's digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.We offer a collaborative environment where technology skills and innovation are valued in a global organization. We're looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.Join us if you want to grow your technical skills, solve real problems and make your mark on our industry.About State StreetWhat we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You'll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.Inclusion, Diversity and Social Responsibility. We truly believe our employees' diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.State Street is an equal opportunity and affirmative action employer.Salary Range:$90,000 - $142,500 AnnualThe range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.Job Application Disclosure:It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
      #J-18808-Ljbffr

Keywords: STATE STREET CORPORATION, Boston , Third Party Cyber Risk Management Security Analyst, Executive , Boston, Massachusetts