Head of AI Security, Data Protection
United States
Full Time
1 week ago
$225,000 - $337,500 USD
H1B Sponsor
Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformServiceNowAIGenerative AIGCPGoogle CloudJiraLeadershipRisk ManagementCollaborationSalesCloud Security
About this role
Role Overview
- Develop and execute State Street’s global strategy for secure AI and data protection, aligned with business objectives and regulatory requirements.
- Define and steward secure AI architectures and threat modeling frameworks across the enterprise.
- Lead the identification, assessment, and mitigation of risks across enterprise data security, including emerging threats from quantum computing and AI.
- Champion security-by-design principles in all technology initiatives, integrating security into application development, infrastructure, and cloud environments.
- Develop and execute a comprehensive data protection strategy for customer, supplier, and product data, with actionable controls and measurable outcomes.
- Define, implement, and maintain data protection policies, standards, and procedures, ensuring ongoing compliance and executive sponsorship.
- Maintain deep knowledge of global data protection laws and frameworks (GDPR, CCPA, LGPD, NYDFS, PCI DSS, etc.) and industry standards (NIST, COBIT, ISO 27001).
- Lead architecture, tooling selection, risk assessment, control design, and implementation for data protection and governance solutions.
- Establish and mature threat modeling practices for AI, integrating them into architecture and engineering processes.
- Oversee the development and implementation of pilot programs and testing for emerging technology security (e.g., Post-Quantum Cryptography migration, AI model governance).
- Manage data protection for AI/Generative AI initiatives, including data governance for models, data provenance, and model risk considerations.
- Stay abreast of emerging threats and technologies, proactively enhancing State Street’s security posture in areas such as quantum computing, AI, and cloud security.
- Collaborate with architecture and engineering teams to evaluate and integrate suitable security solutions for emerging technologies.
- Oversee the design, implementation, and management of data security controls: DLP, data classification, encryption, tokenization, masking, database activity monitoring, and cloud data security posture management.
- Drive controls automation and governance technology initiatives (e.g., Archer, ServiceNow GRC) to streamline risk management, policy enforcement, and audit readiness.
- Integrate GRC with project/portfolio management tools (e.g., Jira, Clarity) for alignment of control requirements and remediation efforts.
- Develop and implement incident response plans and procedures, including considerations for “Harvest Now, Decrypt Later” scenarios.
- Serve as a trusted advisor to the CISO, executive leadership, and business units on all matters related to enterprise architecture, data protection, and emerging technology security.
- Build strong partnerships with the Chief Data Officer (CDO), Chief Technology Risk Officer (CTRO), Chief Architect, Head of Emerging Technologies and business units to embed security requirements in business processes.
- Represent State Street in industry forums, conferences, and regulatory discussions related to data security and emerging technologies.
- Deliver measurable dashboards and KPIs/KRIs that drive action and provide insights into the effectiveness of security controls and architecture for AI and data programs.
- Synthesize input from diverse stakeholders to develop practical, scalable solutions and recommendations.
- Build, mentor, and lead high-performing teams of architects, engineers, and analysts, fostering expertise in AI security, data protection, and emerging technology security.
- Drive talent development, succession planning, and cross-functional collaboration.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field; Master’s degree highly preferred.
- Relevant industry certifications (e.g., CISSP, CISM, CDPSE, CIPP/E, CRISC, certifications in cryptography or architecture) are highly desirable.
- Minimum of 15+ years of progressive experience in information security and enterprise architecture, with at least 8-10 years in senior leadership roles within large, complex organizations.
- Extensive experience in data protection, information lifecycle management, and data governance within regulated, global enterprises (banking/financial services preferred).
- Proven experience in developing and implementing enterprise-wide security and architecture strategies and programs.
- Deep technical understanding of data security technologies, architectures, and cryptographic infrastructure, including PQC readiness.
- Experience with cloud security (AWS, Azure, GCP) and securing data in cloud environments.
- Broad expertise in cybersecurity frameworks and industry standards (NIST, COBIT, FFIEC, ISO 27001, etc.).
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- ServiceNow
Benefits
- Competitive salary and comprehensive benefits package
- Retirement savings plan (401K) with company match
- Insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
- Paid-time off including vacation, sick leave, short term disability, and family care responsibilities
- Access to our Employee Assistance Program
- Incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans)
- Eligibility for certain tax advantaged savings plans