Sr. Information Security Officer, Managing Director - Munich, Deutschland - State Street Corporation
Beschreibung
State Street Corporation Munich, GermanyPosted 16 hours ago Permanent Competitive- Sr. Information Security Officer, Managing Director
- State Street Bank International GmbH ('SSBI') seeks to recruit a Senior Information Security Officer, Managing Director (Sr. ISO) to improve the overall protection of SSBI, its customers and partners from an evolving and sophisticated threat landscape.
- The SSBI Sr. ISO reports to the SSBI Chief Governance Officer and closely cooperates with the SSBI Head of IT and the wider management team.
Key stakeholders include:
- Information Security Officers
- Business and Functional Leaders
- Cyber Fusion Center
- Cyber Architecture & Security Engineering
- First Line Risk and Controls
- 3LOD Partners
- The SSBI Sr.
Information Security program development and management
Objective:
Develop and manage the information security program within the business unit to drive compliance with information security supplemental requirements and reduce risk- Identify senior business management and build relationship to ensure effective information security governance is established - strategy with goals and objectives, strategic alignment, roles and responsibilities, performance measurement, outcomes
- Understand context of the business unit internal and external issues, organizational structure, organizational drivers, geography, strategy, legal and regulatory requirements
- Develop an information security strategy aligned to the business unit strategy, defining the goal of information security, objectives and the desired state
- Develop and maintain an information security policy, associated standards and procedures
- Define the activities to be performed within the information security program, and assign ownership
- Establish relevant metrics to evaluate the effectiveness of the information security program
- Monitor and review information security program, to ensure continual development and improvement
Risk and Incident Management
Objective:
Manage information security risk and incident response, from assessment through mitigation of risk, and throughout the entire lifecycle of incident management- Support the business unit in identifying high risk/critical processes and technology, ensuring they are inventoried, ownership is assigned and that regular reviews are carried out
- Integrate information security risk review into lifecycle processes such as Incident Management, ASAP, ISRMP, TPRM, BCP, SDLC, Change and Project management
- Attend risk and technology committees. Identifying, documenting and communicating Information Security risks. If risk and technology committees do not exist, work with the business unit to establish forums for discussion
- Act as Information Security representative during regulatory and statutory engagements
- Participate in security incident response program representing the business area to detect and respond to incidents in a timely manner. Post incident, provide support to the business to identify control gaps.
Measurement
Objective:
Develop metrics for measuring the information security program and related activities- Establish and agree on appropriate reporting with senior management to give a view of the state of information security throughout the business unit
- Complete the quarterly ISO maturity assessment to provide a clear understanding of the maturity of the implementation of the ISO framework
- Identify failed business controls and provide support on remediation to drive compliance with information security supplemental requirements
- Create development plans for all information security resources to ensure continual improvement
Communication
Objective:
Establish internal and external communication channels that support information security- Report on potential business impact of proposed new information security supplemental requirements, and of security risks from new business initiatives
- Report significant changes in information security risk to appropriate level of management for review on both a periodic and an event driven basis
- Provide regular communication on threat intelligence relevant to the business unit, and issue guidance on supporting controls
- Report on impact or potential impact of security incidents to senior management
Education
Objective:
Maintain up to date knowledge of evolving information security threat landscape and provide information security awareness, training and education to key stakeholders- Design and develop an interactive
Mehr Jobs von State Street Corporation
-
Fund Accountant, Senior Associate
Frankfurt am Main, Deutschland - vor 2 Tagen
-
Tax Accountant, Assistant Vice President
Frankfurt am Main, Deutschland - vor 3 Wochen
-
Tax Accountant Expert
Frankfurt am Main, Deutschland - vor 2 Wochen
-
Steuerexperten / Experten Invstg / Tax Fund
Frankfurt am Main, Deutschland - vor 1 Woche
-
State Street Global Advisors
Frankfurt am Main, Deutschland - vor 2 Wochen
-
Tax Expert, Officer
Frankfurt am Main, Deutschland - vor 1 Woche