Assistant Vice President IT Security Governance & Risk Management

Role Summary

We are seeking an experienced IT Security Governance & Risk Management leader to support enterprisewide remediation and compliance initiatives across Alternatives Investment Services (AIS) and Insurance technology platforms.

At the AVP level, this role acts as a handson execution lead and escalation point , partnering with application owners, production support, infrastructure teams, and senior leadership to ensure timely remediation of identity, access, vulnerability, and application lifecycle risks in a highly regulated environment.

The role requires strong execution discipline, governance maturity, and the ability to drive outcomes across a large, complex application portfolio.

Key Responsibilities

Identity & Access Risk Management

• Lead remediation of aged passwords and nonhuman/service accounts across a large portfolio of AIS and Insurance applications.
• Partner with application and production support teams to drive corrective actions including password rotation, account disablement, or decommissioning.
• Track remediation activity through enterprise change management tools and ensure committed actions are executed on schedule.
• Validate remediation outcomes using identity and access platforms and ensure evidence is auditready.
• Maintain centralized tracking, metrics, and reporting for noncompliant accounts.
• Escalate repeated noncompliance and missed timelines to senior management, clearly articulating risk and impact.

Vulnerability & Patch Governance

• Review weekly vulnerability reports and validate trends, new findings, and remediation progress.
• Identify carriedover and atrisk vulnerabilities and engage application teams to ensure timely resolution.
• Maintain highquality data sets and develop management views to support leadership decisionmaking.
• Produce weekly executivelevel reporting for AIS and Insurance portfolios, including risks, trends, and remediation timelines.
• Coordinate with infrastructure and security teams to resolve issues and remove blockers.

MultiFactor Authentication (MFA) Compliance

• Track and govern MFA implementation across AIS and Insurance applications.
• Coordinate with application teams to manage timelines, dependencies, and attestations.
• Provide clear, concise weekly status reporting to senior leadership.
• Highlight risks and escalate applications not meeting agreedupon milestones.

Policy Violations & Control Exceptions

• Review periodic policy violation reports related to application security controls.
• Engage application owners to obtain remediation plans and progress updates.
• Provide guidance on remediation of common violations and control gaps.
• Escalate nonresponsive or noncompliant applications to senior leadership.

Application Risk Remediation

• Drive remediation of interactive and legacy account risks in collaboration with application owners and support teams.
• Support teams with remediation approaches to align accounts with noninteractive access standards.
• Maintain status tracking and escalate stalled remediation activity where required.

Application Lifecycle Risk & Resilience

• Ensure applications using endoflife or unsupported components are properly documented in enterprise lifecycle risk repositories.
• Validate remediation timelines and support application teams with required updates.
• Escalate applications that fail to maintain accurate lifecycle risk data.

Financial & Delivery Transparency

• Produce and maintain governance and status reporting for key technology initiatives within AIS and Insurance.
• Partner with delivery teams to ensure accomplishments, upcoming activities, and risks are accurately captured and communicated.
• Support audit and regulatory inquiries through consistent, highquality reporting.

Required Qualifications

• 710+ years of experience in IT risk management, security governance, identity and access management, or regulatory compliance .
• Proven ability to lead remediation activities across large, complex application portfolios .
• Strong experience producing executivelevel reporting and communicating technical risk to senior stakeholders.
• Demonstrated ability to drive accountability, followthrough, and escalation in matrixed environments.
• Strong analytical, organizational, and stakeholdermanagement skills.

Preferred Qualifications

• Experience within financial services, insurance, or other highly regulated industries .
• Familiarity with identity governance, vulnerability management, MFA programs, and application security controls.
• Handson experience with enterprise tools such as ServiceNow, identity platforms, SharePoint, and reporting/analytics tools .
• Prior experience supporting audits, regulatory reviews, or risk committees.

Work Requirement

• Expected to work 3 days a week in the office

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Streets comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit .

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, youll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.