Global Head of Third-Party Cyber Risk Management

This job is with State Street, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.

Who we are looking for

As a member of the External Cybersecurity Engagement team, this member will be responsible for Third-Party Cyber Risk Management (TPCRM), reporting to the Global Head of External Cybersecurity Engagement.

As the Global Head of Third-Party Cyber Risk Management, you'll be responsible for developing, implementing, and overseeing a comprehensive and global program to manage the cyber risks associated with our third-party relationships.

This is a critical leadership role that requires a strategic vision and deep technical expertise to protect our firm and our clients' assets from an ever-evolving threat landscape. You'll lead a team of dedicated professionals and work closely with senior leadership across the organization, including risk, IT, and business units, to ensure our third-party ecosystem (inclusive of nth party risk) is resilient and secure.

What you will be responsible for :

Program Leadership : Define and execute the global third-party cyber risk management strategy, including policies, standards, and procedures.

Risk Assessment and Due Diligence : Oversee the entire lifecycle of third-party risk management, from initial due diligence and ongoing monitoring to contract termination. This includes conducting risk assessments to identify, measure, and mitigate cyber risks posed by vendors, suppliers, and other partners.

Team Management : Lead, mentor, and grow a team of third-party cyber risk professionals. Foster a culture of continuous improvement, expertise, and collaboration.

Governance and Reporting : Establish and maintain a robust governance framework. Provide regular reporting to senior management and the board on the state of third-party cyber risk, key metrics, and emerging threats.

Threat Intelligence : Stay abreast of the latest cyber threats, vulnerabilities, and regulatory changes relevant to third-party risk. Integrate threat intelligence into the risk assessment process.

Cross-Functional Collaboration : Partner with key stakeholders, including legal, procurement, business units, and information security to embed a risk-aware culture and ensure a consistent approach to third-party and nth party risk management.

Target Operating Model : Review and transform the current state of the TPCRM operating model in line with the best practice and integrate into the wider Third-Party Risk Management process, including executing on opportunities for automation.

External Engagement : Understanding and development of industry and sector knowledge, to ensure our TPCRM practices can leverage the enhancements in the evolving landscape.

Compliance : Ensure the program adheres to all relevant regulations and industry standards (e.g., NIST, ISO 27001, SOC 2).

What we value -

These skills will help you succeed in this role

Independent, strategic thinker with an ability to operate with a global mindset and establish a long-term vision

Ability to courageously influence colleagues at levels

Strong written and oral communication skills with the ability to articulate complex technical concepts to both technical and non-technical audiences

Strong presentation skills

Multitask within multiple projects and programs

Thrives working within a fast-paced environment

Education & Preferred Qualifications

Bachelor degree or higher preferred

A minimum of 10 years' experience in the IT / Risk sector

A minimum of 5 years of experience in a senior leadership role within cyber security with a strong focus on third-party risk management, vendor risk, or supply chain security, preferably in the financial services sector

Relevant industry certifications such as CISSP, CISM, or CRISC are highly desirable

Additional requirements

Occasional travel within and outside US will be required (

Are you the right candidate? Yes!

We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don't necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

Why this role is important to us

Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We're driving the company's digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation.

We offer a collaborative environment where technology skills and innovation are valued in a global organization. We're looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company.

Join us if you want to grow your technical skills, solve real problems and make your mark on our industry.

About State Street

What we do.

State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow.

We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary in locations, but you may expect generous medical care, insurance and savings plans among other perks. You'll have access to flexible Work Program to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility.

We truly believe our employees' diverse backgrounds, experiences and perspective are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome the candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift program and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Discover more at StateStreet.com / careers

Salary Range :

$170,000 - $282,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure :

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

]]>