Who we are looking for

The Managing Director, Senior Business Information Security Officer (BISO) is a senior cybersecurity leader accountable for the end‑to‑end technology risk posture of assigned businesses, platforms, products, and portfolios. The role partners with business, engineering, and platform leadership to enable secure delivery, reduce material cyber risk, and ensure informed executive decision‑making. This role applies deep technical expertise, and translates complex security risks into clear, business‑relevant outcomes.

Why this role is important to us

While reporting into the Global Cybersecurity Organization, the MD, Senior Business Information Security Officer builds strong relationships with aligned business partners to understand strategic roadmaps that drive further product and service advancements within the business to ensure that cybersecurity capabilities are aligned to best enable business success.

What you will be responsible for

Business‑Aligned Risk Responsibilities

• Represent a complete technical security risk posture for assigned businesses.
• Ensure risks are identified, prioritized, and addressed in alignment with business objectives and risk appetite.
• Advise senior leaders on cybersecurity policies, standards, control expectations, and approved architectures.

Technical Risk Leadership:

• Provide cyber advisory services to the technology and business partners across application, platform, and infrastructure designs.
• Partner with architecture, security, and engineering leaders to validate control effectiveness and risk decisions.
• Ensure primary and compensating controls are appropriately designed, reviewed, and sustained.

Domain & Emerging Technology Expertise:

• Maintain strong practical expertise across cloud‑native and distributed systems, including AI, blockchain, and CI/CD environments.
• Assess emerging technology risks and guide the adoption of proportionate, scalable security controls.

Executive, Regulatory & Audit Engagement

• Engage credibly with executive leadership, Legal Entity Boards, regulators, and second and third lines of defense.
• Present concise, evidence‑based risk narratives, including material issues, trade‑offs, and mitigation strategies.
• Support regulatory examinations, audits, and management reviews with clear ownership and accountability.

Operating Model & Scale:

• Operate effectively and efficiently within the security engagement and risk governance model.
• Identify and drive targeted improvements to reduce friction, clarify decision rights, and eliminate low‑value activities.
• Evolve the cyber operating model to support scalable, product‑centric, high‑velocity delivery, including responsible use of AI within an established cloud first model.

What we value

These skills will help you succeed in this role

• Demonstrate strong executive presence, judgment, and accountability consistent with professional responsibilities.
• Lead and develop a small team of cyber risk professionals, setting clear objectives and delivering measurable outcomes.
• Demonstrate strong influencing and risk-based prioritization skills.

Education & Preferred Qualifications

• 15+ years of progressive cybersecurity experience, including 5+ years in Financial Services.
• Bachelor's Degree in Cybersecurity or related technical discipline
• Significant experience as an operationally focused cybersecurity practitioner.
• Previous experience within roles such as Site Reliability Engineering, Data Architecture, Cryptography Engineer, and Security Researcher would be an advantage.
• Proven track record partnering with senior business and technology leadership on enterprise initiatives.
• Strong strategic thinking, business acumen, and decision‑making capability.
• Relevant technical certifications preferred (e.g., Cloud Security, AI, Blockchain, Dev Sec Ops, CISSP, CISM).

Salary Range:

$170,000 - $282,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at State Street.com/careers

Read our CEO Statement:

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.