Develop and execute State Street’s global strategy for secure AI and data protection, aligned with business objectives and regulatory requirements.
Define and steward secure AI architectures and threat modeling frameworks across the enterprise.
Lead the identification, assessment, and mitigation of risks across enterprise data security, including emerging threats from quantum computing and AI.
Champion security-by-design principles in all technology initiatives, integrating security into application development, infrastructure, and cloud environments.
Develop and execute a comprehensive data protection strategy for customer, supplier, and product data, with actionable controls and measurable outcomes.
Define, implement, and maintain data protection policies, standards, and procedures, ensuring ongoing compliance and executive sponsorship.
Maintain deep knowledge of global data protection laws and frameworks (GDPR, CCPA, LGPD, NYDFS, PCI DSS, etc.) and industry standards (NIST, COBIT, ISO 27001).
Lead architecture, tooling selection, risk assessment, control design, and implementation for data protection and governance solutions.
Establish and mature threat modeling practices for AI, integrating them into architecture and engineering processes.
Oversee the development and implementation of pilot programs and testing for emerging technology security (e.g., Post-Quantum Cryptography migration, AI model governance).
Manage data protection for AI/Generative AI initiatives, including data governance for models, data provenance, and model risk considerations.
Stay abreast of emerging threats and technologies, proactively enhancing State Street’s security posture in areas such as quantum computing, AI, and cloud security.
Collaborate with architecture and engineering teams to evaluate and integrate suitable security solutions for emerging technologies.
Oversee the design, implementation, and management of data security controls: DLP, data classification, encryption, tokenization, masking, database activity monitoring, and cloud data security posture management.
Drive controls automation and governance technology initiatives (e.g., Archer, ServiceNow GRC) to streamline risk management, policy enforcement, and audit readiness.
Integrate GRC with project/portfolio management tools (e.g., Jira, Clarity) for alignment of control requirements and remediation efforts.
Develop and implement incident response plans and procedures, including considerations for “Harvest Now, Decrypt Later” scenarios.
Serve as a trusted advisor to the CISO, executive leadership, and business units on all matters related to enterprise architecture, data protection, and emerging technology security.
Build strong partnerships with the Chief Data Officer (CDO), Chief Technology Risk Officer (CTRO), Chief Architect, Head of Emerging Technologies, and business units to embed security requirements in business processes.
Represent State Street in industry forums, conferences, and regulatory discussions related to data security and emerging technologies.
Deliver measurable dashboards and KPIs/KRIs that drive action and provide insights into the effectiveness of security controls and architecture for AI and data programs.
Synthesize input from diverse stakeholders to develop practical, scalable solutions and recommendations.
Build, mentor, and lead high-performing teams of architects, engineers, and analysts, fostering expertise in AI security, data protection, and emerging technology security.
Drive talent development, succession planning, and cross-functional collaboration.
Requirements
Bachelor’s degree in Computer Science, Information Security, or related field; Master’s degree highly preferred.
Relevant industry certifications (e.g., CISSP, CISM, CDPSE, CIPP/E, CRISC, certifications in cryptography or architecture) are highly desirable.
Minimum of 15 years of progressive experience in information security and enterprise architecture, with at least 8-10 years in senior leadership roles within large, complex organizations.
Extensive experience in data protection, information lifecycle management, and data governance within regulated, global enterprises (banking/financial services preferred).
Proven experience in developing and implementing enterprise-wide security and architecture strategies and programs.
Deep technical understanding of data security technologies, architectures, and cryptographic infrastructure, including PQC readiness.
Experience with cloud security (AWS, Azure, GCP) and securing data in cloud environments.
Broad expertise in cybersecurity frameworks and industry standards (NIST, COBIT, FFIEC, ISO 27001, etc.).
Tech Stack
AWS
Azure
Cloud
Cyber Security
Google Cloud Platform
ServiceNow
Benefits
Competitive salary and comprehensive benefits package
Retirement savings plan (401K) with company match
Insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
Paid time off including vacation, sick leave, short-term disability, and family care responsibilities
Access to our Employee Assistance Program
Incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans)
Eligibility for certain tax-advantaged savings plans