
MD GRC Risk Management and Governance
State Street · Boston, MA
- On site
- Full-time
- $220,000 / year
- Boston, MA
Job highlights
- Lead cyber risk management and governance framework.
- Ensure risk alignment with enterprise framework.
- Oversee control assurance and remediation execution.
- Coordinate cyber risk for executive committees.
- Lead and develop a high-performing team.
About the role
Managing Director, Cyber Risk Management and Governance
State Street is seeking a highly experienced Managing Director to lead our Cyber Risk Management and Governance team. This pivotal role involves designing, executing, and overseeing the cyber risk management and governance framework. You will ensure cyber risk is systematically identified, assessed, governed, and reported in alignment with our Enterprise Risk Framework, regulatory expectations, and the firm’s risk appetite. This position is central to our risk operations, with a strong emphasis on framework governance, risk management, findings oversight, and executive reporting.
Key Responsibilities
- Own and evolve the Cyber Risk Management Framework, ensuring alignment with the Enterprise Risk Framework and regulatory expectations.
- Govern cyber risk taxonomies, risk appetite statements, risk metrics, and assessment methodologies.
- Support embedding cyber risk practices across the L3 Cyber risk methodology, and help functional and business risk owners improve and sustain their cyber risk posture.
- Provide oversight of control assurance and remediation execution and quality, including challenge, escalation, and consistency.
- Ensure consistent linkage between assessment outcomes, risk appetite, and remediation priorities.
- Enable and guide Enterprise Process Owners (EPOs) and Metric Owners on challenges related to process-area and Key Risk Indicator improvement, ensuring clear accountability and effective operation.
- Support the second line of defense in defining, maintaining, and overseeing Cyber Key Risk Indicators (KRIs) and thresholds, ensuring they provide meaningful insight into risk posture and trends.
- Coordinate cyber risk matters for management‑level and executive Risk Committees, including agenda development, materials, and escalation.
- Produce and oversee executive‑level cyber risk reporting, including risk posture, trends, material issues, and emerging risks. Ensure reporting is concise, decision‑oriented, and aligned with enterprise and Board risk governance expectations.
- Serve as the primary cyber risk interface with Technology Risk Advisors (TRAs), coordinating inputs, challenge, outcomes, and follow‑through.
- Oversee LOD and legal entity cyber risk reporting, ensuring a consistent Global Cybersecurity view.
- Coordinate with Cyber Compliance teams to provide accurate data sharing for regulatory engagement and legal entities.
- Provide governance oversight for issues that impact cyber risk, including intake, severity assessment, challenge, escalation, and closure monitoring.
- Oversee cyber risk acceptance governance, ensuring decisions are risk‑informed, appropriately documented, time‑bound, and approved at the correct level. Ensure alignment between issues, risk acceptances, and risk appetite.
- Lead the intake and governance of cyber findings from audits, regulatory reviews, assessments, and testing activities. Ensure findings are consistently risk‑rated, challenged where appropriate, and tracked through remediation to closure. Monitor remediation progress, aging, and systemic themes, escalating concerns as needed to governance/management committees.
Required Qualifications
- 10+ years of experience in cybersecurity risk management, technology risk, or enterprise risk governance, with significant experience at a senior leadership level.
- Bachelor’s degree in information systems, computer science, data analytics, cybersecurity or related field (or equivalent experience).
- Deep understanding of cyber risk frameworks, enterprise risk management, and regulatory expectations within a large, complex financial services or regulated environment.
- Proven experience with risk governance, control assurance and assessments, KRIs, issue management, and executive reporting.
- Strong ability to build relationships across the three lines of defense and influence at executive and Board levels.
- Exceptional communication skills, with the ability to translate technical and risk concepts into executive‑level insights.
- Experience leading highly successful teams in achieving objectives and key results.
Preferred Skills
- Cybersecurity certifications such as CISSP, CISM, or equivalent.
- Experience implementing automated and/or continuous controls monitoring in cloud and hybrid environments.
- Strong analytical mindset with the ability to translate ambiguous risk or control questions into measurable metrics and repeatable tests.
- Clear written and verbal communication skills, including the ability to explain complex technical findings and trends to leadership.
Key skills/competency
- Cybersecurity Risk Management
- Governance Frameworks
- Enterprise Risk Management
- Regulatory Compliance
- Risk Assessment
- Issue Management
- Executive Reporting
- Control Assurance
- Risk Metrics (KRIs)
- Team Leadership
Skills & topics
- Managing Director
- Cyber Risk Management
- Governance
- Cybersecurity
- Risk Management
- Enterprise Risk
- Financial Services
- Regulatory Compliance
- Leadership
- Technology Risk
How to get hired
- Tailor your resume: Highlight 10+ years in cyber risk management, enterprise risk, or governance. Emphasize leadership, framework development, and executive reporting experience.
- Showcase financial services experience: Detail your understanding of regulatory expectations in large, complex financial institutions.
- Quantify achievements: Use metrics to demonstrate team leadership success and impact on risk posture improvements.
- Prepare for executive-level discussion: Be ready to articulate complex risk concepts and your strategic approach to cyber risk governance.
- Research State Street: Understand their commitment to risk management and employee development.
Technical preparation
- Master cyber risk frameworks (NIST, ISO 27001).
- Understand enterprise risk management principles.
- Familiarize yourself with financial services regulations.
- Practice executive-level risk reporting.
Behavioral questions
- Describe leading a team through significant change.
- How do you influence executive decision-making?
- Share an example of handling complex risk issues.
- How do you ensure regulatory compliance alignment?
Frequently asked questions
- What is the primary focus of the Managing Director, Cyber Risk Management and Governance role at State Street?
- The primary focus is to lead the design, execution, and oversight of State Street's cyber risk management and governance framework, ensuring alignment with enterprise risk standards and regulatory requirements.
- What kind of experience is most critical for this Managing Director position at State Street?
- Critical experience includes over 10 years in cybersecurity risk management, technology risk, or enterprise risk governance, particularly within large, regulated financial services environments, and significant senior leadership experience.
- How does this role interact with other teams at State Street?
- This role serves as a central coordination point, interacting with Technology Risk Advisors (TRAs), Cyber Compliance teams, and acting as a key interface for management and executive Risk Committees.
- What are the key responsibilities regarding reporting for the Managing Director, Cyber Risk Management and Governance?
- The role involves producing and overseeing executive-level cyber risk reporting, including risk posture, trends, material issues, and emerging risks, ensuring it is concise and decision-oriented.
- What is the expected educational background for this role at State Street?
- A Bachelor's degree in information systems, computer science, data analytics, cybersecurity, or a related field is required, or equivalent practical experience will be considered.
- Does State Street offer benefits for this Managing Director position?
- Yes, State Street offers a comprehensive benefits program including retirement savings with company match, various insurance coverages, paid time off, and access to an Employee Assistance Program.
- What are the preferred certifications for the Managing Director, Cyber Risk Management and Governance role?
- Preferred certifications include CISSP, CISM, or equivalent, demonstrating advanced expertise in cybersecurity.
- How important are influencing skills for this Managing Director role at State Street?
- Influencing skills are crucial, as the role requires building relationships across the three lines of defense and influencing decisions at executive and Board levels.