Who we are looking for

The Cyber Data Science, Enablement, & Analytics Leader will lead a team responsible for designing and operating data, analytics, and automation capabilities that underpin cyber control testing, continuous monitoring, and executive reporting. The selected candidate will derive accurate and timely insights into the firm’s security posture, inform cyber residual risk, and transform data into actionable intelligence. This role will provide stakeholders and risk owners with a single source of the truth of the security health of their assets.

What you will be responsible for

• Design, build, and maintain:
• Cyber data pipelines that aggregate risk, control, and other data from security tools, IT systems, and GRC platforms into a central repository/data warehouse.
• A data repository with front-end analytics to effectively response to regulatory questionnaires; using AI to ensure consistency across responses.
• Develop and execute automated control tests (e.g., external-facing attack surface, configuration, access, vulnerability, etc.) using scripts, APIs, and rules-based engines to provide periodic and near real-time assurance while aligning to known attack paths, where possible.
• Partner across Cyber functions, including GRC, security operations, security engineering and architecture, and data teams, to define data requirements, test cases, and target coverage for automated control testing.
• Analyze control testing results to identify patterns, emerging risks, and systemic control design or operating issues; provide data-driven recommendations for remediation and prioritization.
• Implement continuous monitoring dashboards and scorecards for key cyber risk and control indicators, support cyber leadership and facilitate reporting across business segments and functions.
• Engineer and maintain data models, taxonomies, and mappings (e.g., controls to NIST, ISO, CRI) to support standardized assurance related to regulatory requirements, metrics, and cross-framework reporting.
• Automate compliance and audit reporting, including evidence collection, population of templates, etc. to provide insights into gaps and remediation progress.
• Implement AI to support use cases across cyber security functions to increase efficiency and provide insights into data.
• Support regulatory and internal audit requests and reporting by producing metrics and evidence packs.
• Contribute to the design and rollout of cyber GRC tooling with a focus on workflow automation, data quality, and integration with data pipelines and enterprise-wide tooling.
• Establish and maintain documentation for data pipelines, control test logic, dashboards, and reporting processes, including runbooks and standard operating procedures.
• Build strong partnerships with cyber function leads and stay abreast of cyber transformation activities to ensure data, testing, dashboards and reporting processes maintain pace with cyber initiatives and emerging threats and risk.
• Lead team of data scientists and engineers to support enablement of Cybersecurity risk identification, control testing, and senior level reporting.

What we value

These skills will help you succeed in this role

• Deep expertise in cryptographic technologies, including PKI, TLS, HSMs, and certificate/key lifecycle management.
• Proven leadership in managing large-scale cryptographic programs across complex, global environments.
• Strong understanding of regulatory frameworks (e.g., NIST, ISO 27001, PCI DSS) and their cryptographic requirements.
• Experience with cloud-native cryptographic services (e.g., AWS KMS, Azure Key Vault).
• Exceptional communication and stakeholder management skills.
• Ability to lead cross-functional teams and influence without direct authority.
• Strong organizational, multi-tasking, and prioritization skills.
• Experience implementing automated and/or continuous controls monitoring in cloud and hybrid environments.
• Background in ITGC testing, control assurance, including test design, sampling, and documentation of findings and remediation actions.
• Knowledge of data modeling, ETL design, and basic data-engineering patterns (e.g., orchestration, data quality checks, schema versioning.
• Strong analytical mindset with the ability to translate ambiguous risk or control questions into measurable metrics and repeatable tests.
• Clear written and verbal communication skills, including the ability to explain complex technical findings and trends to leadership.

Education and Preferred Qualifications

• 10+ years of experience in cyber GRC, security analytics, data engineering, or related assurance roles, with exposure to control testing and risk/compliance reporting.
• Bachelor’s degree in information systems, computer science, data analytics, cybersecurity or related field (or equivalent experience).
• Demonstrated experience in building dashboards and reports in BI tools (e.g., Tableau, Power BI, or similar) to communicate risk and controls insights to non-technical stakeholders.
• Hands-on experience with scripting or automation programming (e.g., Python, PowerShell, SQL) and working with APIs to security extract data from security and IT platforms.
• Strong understanding of information security control frameworks and regulations such as NIST CSF / 800-53, ISO 27001/2, and data protection requirements.
• Familiarity with GRC platforms and workflow automation capabilities.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at State Street.com/careers

Read our CEO Statement: