What we value
The Cybersecurity Lead is a senior-level position responsible for overseeing security for a number of Charles River Development's computing environments (public cloud, managed hosting providers, or internal networks), and for identifying, assessing, and reducing cyber security risks within these environments. The primary objective of this role is to help establish and operate world-class, automated, agile, and effective security processes that support a high-velocity culture. This position has direct responsibility for building, improving, and operating security program elements from identity and access management to data protection, which is key to preserving client trust and the reputation of CRD and State Street.
Why this job is important to us
The team you will be joining is an information security team whose remit spans from Charles River Development (or CRD) to other State Street business units within the same organizational hierarchy. CRD helps create enterprise investment management software solutions for large institutions in the areas of institutional investment, wealth management and hedge funds. Together we have created the first open front-to-back platform, State Street Alpha, which was launched in 2019. Join us if securing the next-generation infrastructure using emerging technologies sounds like a challenge you are up for.
What you will be responsible for
Providing quick, yet well-thought-out security risk feedback to internal partners informed by deep understanding of the business and risks, coupled with subject matter expertise, rather than FUD, and being accountable for these decisions
Serving as a recognized leader of the information security team and representing the function across State Street
Owning the information security program within the CRD computing environments
Working with the IT teams for CRD computing environments, and using deep IT technical knowledge, building, improving, and operating risk-based security program elements across all security domains and layers from network through application and data.
Working in cooperation with the information security team in identifying and communicating vulnerabilities and tracking them to remediation across all CRD computing environments.
Designing and implementing policies, procedures, practices and controls to mitigate risk.
Creatively finding ways to automate security processes and reduce or eliminate manual or administrative steps
Supporting rollout of enterprise security solutions, such as privileged access management, SIEM, HSM, etc.
Reviewing, evaluating, providing security guidance on implementation of resilient, novel technologies in the cloud
Communicating information security vulnerabilities, threats, and risks to both technical and non-technical audiences
Managing and coordinating security incident response
Developing, collecting and communicating relevant strategic and operational security metrics relaying the health of the information security program across CRD environments.
What we value
The ideal candidate would have a good understanding of a software company or the financial services industry or both
Appreciation that security exists to support and protect the business
Keen eye on the context and all the relevant factors, and exhibiting practicality in making security risk and control decisions
Strong sense of ownership, being results-oriented, and accountable for outcomes, successful or not
Ability to build and maintain strong relationships with functional groups based on mutual trust
5 to 7 years of hands-on experience in a technical information security manager role overseeing the security of hybrid cloud environments including IaaS and PaaS cloud models
Appreciation of agile and DevOps methodologies and applying the tenets of these models to information security
Experience in deploying enterprise-grade security solutions as complicated as SIEM and HSMs
Good understanding and experience in aligning to industry frameworks and standards such as NIST cybersecurity framework, ISO 27001, SOC audit principles, FIPS 140-2
Having a command of common scripting languages in order to be able to automate manual security processes
Deep technical knowledge of the full IT stack from Layer 2 switching through Layer 7 application and data, and having implemented relevant security controls across all these layers
Experience in security risk management informed by the criticality of systems, threats to them, vulnerabilities in them, and the likelihood and impact of the threats exploiting the vulnerabilities.
Strong analytical and problem-solving skills
Ability to communicate professionally with all levels of the organization
A technical base that will allow quick learning and grasp of new technologies
Education & Preferred Qualifications
Four (4) year degree in a technical field such as Computer Science.