Sr. Information Security Officer, Managing Director - Munich, Germany - State Street Corporation

State Street Corporation
Munich, Germany

1 week ago

Written by:

Lena Wagner

beBee Recruiter


Description
State Street Corporation, Munich, Germany. Posted 16 hours ago. Permanent. Competitive.

  • Sr. Information Security Officer, Managing Director
  • State Street Bank International GmbH ('SSBI') seeks to recruit a Senior Information Security Officer, Managing Director (Sr. ISO) to improve the overall protection of SSBI, its customers and partners from an evolving and sophisticated threat landscape.
  • The SSBI Sr. ISO reports to the SSBI Chief Governance Officer and closely cooperates with the SSBI Head of IT and the wider management team.

Key stakeholders include:

  • Information Security Officers
  • Business and Functional Leaders
  • Cyber Fusion Center
  • Cyber Architecture & Security Engineering
  • First Line Risk and Controls
  • 3LOD Partners

The SSBI Senior Information Security Officer (Sr. ISO) will drive compliance with GCS security controls in the business unit, region, country or functional area they represent. The Sr. ISO will serve as a trusted and influential information security advisor to senior-level business management in a large organization.

  • The SSBI Sr. ISO roles and responsibilities are defined under five domain areas with the following objectives and specific responsibilities for each domain:


Information Security program development and management

Objective:
Develop and manage the information security program within the business unit to drive compliance with information security supplemental requirements and reduce risk

  • Identify senior business management and build relationships to ensure effective information security governance is established - strategy with goals and objectives, strategic alignment, roles and responsibilities, performance measurement, outcomes
  • Understand context of the business unit internal and external issues, organizational structure, organizational drivers, geography, strategy, legal and regulatory requirements
  • Develop an information security strategy aligned to the business unit strategy, defining the goal of information security, objectives and the desired state
  • Develop and maintain an information security policy, associated standards and procedures
  • Define the activities to be performed within the information security program, and assign ownership
  • Establish relevant metrics to evaluate the effectiveness of the information security program
  • Monitor and review information security program, to ensure continual development and improvement

Risk and Incident Management

Objective:
Manage information security risk and incident response, from assessment through mitigation of risk, and throughout the entire lifecycle of incident management

  • Support the business unit in identifying high risk/critical processes and technology, ensuring they are inventoried, ownership is assigned and that regular reviews are carried out
  • Integrate information security risk review into lifecycle processes such as Incident Management, ASAP, ISRMP, TPRM, BCP, SDLC, Change and Project management
  • Attend risk and technology committees, identifying, documenting and communicating information security risks. If risk and technology committees do not exist, work with the business unit to establish forums for discussion
  • Act as Information Security representative during regulatory and statutory engagements
  • Participate in security incident response program representing the business area to detect and respond to incidents in a timely manner. Post incident, provide support to the business to identify control gaps.

Measurement

Objective:
Develop metrics for measuring the information security program and related activities

  • Establish and agree on appropriate reporting with senior management to give a view of the state of information security throughout the business unit
  • Complete the quarterly ISO maturity assessment to provide a clear understanding of the maturity of the implementation of the ISO framework
  • Identify failed business controls and provide support on remediation to drive compliance with information security supplemental requirements
  • Create development plans for all information security resources to ensure continual improvement

Communication

Objective:
Establish internal and external communication channels that support information security

  • Report on potential business impact of proposed new information security supplemental requirements, and of security risks from new business initiatives
  • Report significant changes in information security risk to appropriate level of management for review on both a periodic and an event driven basis
  • Provide regular communication on threat intelligence relevant to the business unit, and issue guidance on supporting controls
  • Report on impact or potential impact of security incidents to senior management

Education

Objective:
Maintain up-to-date knowledge of the evolving information security threat landscape and provide information security awareness, training and education to key stakeholders

  • Design and develop an interactive
