DESCRIPTION / RESPONSIBILITIES :
The Enterprise Technology Risk Management (ETRM) department at State Street is responsible for the identification, analysis, and management of technology risk at the corporate and regional levels, and in partnership with the business units in support of their activities.
In this role, you will be part of ETRM for EMEA and support the legal entities in Europe in technology risk management. The role will be based in Luxembourg but will require some travel within Europe.
You will have a direct reporting line to the Head of ETRM EMEA.
General Roles and Responsibilities
Contribute to the development and implementation of the IT Risk Strategy, Governance model and framework in EMEA.
Governance and Oversight :
Drive effective implementation and communication of all technology risk management policies and guidelines.
Establish local policies and guidelines (as required) to meet regulatory requirements. Communicate with regulators on the IT risk program as required.
Provide direction, support and oversight with respect to management of security and technology risks of core systems and applications.
Provide IT risk management consulting to the business, technical and operations groups.
Identification and Assessment :
Develop an understanding of the organization's strategy, critical success factors, risk profile and potential security or technology exposures.
Provide increased transparency and visibility to critical IT risks and prioritize remediation initiatives and related funding needs.
Proactively identify potential risk exposures within new technology solutions being designed and implemented, and partner with Technology and Application Development teams and Corporate Security groups to implement appropriate solutions to mitigate exposure.
Oversee risk and vulnerability assessments of the business systems and applications, and facilitate compliance / control reviews and associated remediation efforts.
Utilize available risk management tools in conjunction with other environmental changes to proactively monitor the Technology control environment and identify and address potential weaknesses and / or gaps in a timely manner.
Keep abreast of new products, services, technologies and applications as well as their respective impact on the organization’s risk profile.
Participate in due diligence efforts for new clients, vendors and M&A activity, as needed.
Monitoring, Analysis, Reporting and Escalation :
Assist business lines in implementing effective technology risk management best practices by developing and establishing continuous risk identification, measurement, management, control and reporting.
Provide ongoing assessment of the Technology Risk Profile through regular status reporting of risk issues and initiatives.
Develop effective Technology risk reporting and other communication channels to ensure timely escalation of significant risk issues.
Serve as liaison with other Risk disciplines, internal departments, Regulators and other external parties.
Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices.
Qualification :
Experience working in IT or risk management for custody, accounting, investment research and trading or investment analytics
Undergraduate and advanced degrees in technology
5-10 years of working experience in IT infrastructure, application development and / or security
Background in Financial Services information security and / or technology risk management.
Experienced in successfully working for an international organization.
Strong interpersonal, management, negotiation and presentation skills
Strong consulting background in IT / InfoSec is desired.
Certified in Risk and Information Systems Control (CRISC) or other risk methodologies is desired.