Tech Stack
Cloud, Cyber Security, Firewalls
About the role
- Plan, oversee, and execute audits according to the Division’s risk-based audit methodology, other internal standards and industry practices.
- Supervise and direct the execution of risk and control assessments, along with the effective and efficient testing of key controls.
- Review audit workpapers to ensure execution in line with internal standards and that conclusions are properly supported.
- Draft audit reports that clearly communicate the overall conclusion, including key risks, identified issues and their root cause, and impact on overall business strategy.
- Work in partnership with business area management to communicate expectations and manage any project issues that may arise during the audit engagement.
- Escalate potential and identified issues to senior management in a timely manner and work with business management to develop and negotiate solutions.
- Develop and maintain a thorough understanding of assigned areas of responsibility, including key technology, products, organizational activities, regulatory environment and global footprint.
- Establish and maintain strong and effective client relationships with business management across the lines of defense and assist management in understanding and implementing / maintaining internal control principles.
- Contribute to change initiatives through active participation in working groups and adoption of practices in day-to-day responsibilities.
- Coach and mentor audit staff as part of their ongoing development.
Requirements
- University degree in Information Systems, Computer Science, or related field; or an advanced degree in Information Technology, Cyber Security, or Systems Engineering.
- Fluency in English, both written and spoken.
- 5+ years of experience executing or auditing the following technology-related areas: Financial services operational processes and technology; Automated business process controls; Enterprise security controls frameworks; Enterprise application development models (i.e., waterfall, rapid prototyping, agile); IT Asset Management; Lifecycle Management; Technology Governance; Identity and Access Management / Privileged Access Management / Adaptive Authentication Solutions; Resiliency and Business Continuity Management; Cloud Solutions (SaaS, PaaS, IaaS); Data Loss Prevention technologies and support processes; Vulnerability Scanning and Penetration Testing; Perimeter / Internal Security Technologies (Firewalls, Intrusion Detection, and Prevention Systems); Network Segmentation and Separation Solutions; Platform and Configuration Hardening Practices; Threat Intelligence and Insider Threat Detection; Security Incident and Event Management (SIEM) Technologies; Cyber Incident and Response; Data protection (GDPR).
- Preferred professional certifications: CISA, CISSP, CRISC, CISM.
- Travel may be required domestically and internationally.