Job Description

Who we are looking forAn Information Security Officer who will be part of a team across APAC; responsible for ensuring the security of the business and functional teams in line with company security policy and risk tolerances.What you will be responsible for\xc2\xb7 Align to the mission of continuously improving the cyber risk posture regionally; and actively contributing to the global cybersecurity program.\xc2\xb7 Consistent and effective engagement with Information Technology, Business leadership to embed security into their strategic and tactical plans.\xc2\xb7 Addressing cyber security and risk posture within the region.\xc2\xb7 Anticipate and address the cyber security requirements from various regional regulators\xc2\xb7 Being a Trusted Security Adviser to the Regional Leadership teams.\xc2\xb7 Engage with regional regulators and legal entity boards on the subject of cyber security and cyber risk.\xc2\xb7 Assist in the development and successful outcomes of Security KPIs that drive control effectiveness.\xc2\xb7 Directly support security assessments and drive required improvements in response to assessments.What we value\xc2\xb7 Foster a high performing team environment.\xc2\xb7 Collaborate across Global Cyber Security and business lines to ensure alignment addressing security risk in their products and services.\xc2\xb7 Create visibility through effective metrics and reporting.\xc2\xb7 Build and nurture positive working relationships with clients with the intention to exceed client expectations.\xc2\xb7 Positioning security within the business with the ability to communicate in non-technical terminology.\xc2\xb7 Partner with your stakeholders to identify, evaluate, and address cyber security risks.\xc2\xb7 Ensures and monitors security compliance with industry and government rules and regulations.\xc2\xb7 Coordinates with technology and business groups to assess, mitigate, and monitor IT-related security risks.\xc2\xb7 An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner\xc2\xb7 Report security performance against established security metrics.\xc2\xb7 Promote information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.Desired Outcomes\xc2\xb7 Delivery of effective security outcomes that drives improvements of security within the business.\xc2\xb7 Continuous improvement of cyber risk posture.Critical Leadership Capabilities\xc2\xb7 Driving results\xc2\xb7 Strategic Thinking\xc2\xb7 Collaborating & Influencing\xc2\xb7 Change Management\xc2\xb7 Team Building\xc2\xb7 Senior Executive communicationEducation & Preferred Qualifications\xc2\xb7 Technical understanding and experience developing and implementing innovated techniques and solutions to delivering cost efficient security solutions.\xc2\xb7 Hands-on experience or working knowledge in multiple security domains: Network security, Identity and Access, Data Loss / Data Protection, Application Security, Windows/Unix security hardening, security framework, Vulnerability Management, Penetration Test & standards, various protocols (e.g., TCP/IP, UDP, SSL/TLS, SSH, HTTPS, FTP, RDP, LDAP, etc.)\xc2\xb7 Knowledge of various Cloud environments, security controls and assurance\xc2\xb7 Understanding of key Cyber risk frameworks\xc2\xb7 An interest in data analysis, feeding into decision-making processes\xc2\xb7 An ability to effectively influence others to modify their opinions, plans, or behaviors\xc2\xb7 Ability to react to dynamic changing environments\xc2\xb7 Preference not Mandatory : Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) and/or Offensive Security Certified Professional (OSCP)

State Street