Head of AI Security & Data Protection

Position Overview:

The Senior Vice President, Head of AI Security & Data Protection, is a critical leadership role responsible for defining, implementing, and overseeing State Street's comprehensive strategy for securing AI and data protection. This role leads teams across both domains, ensuring the confidentiality, integrity, and availability of sensitive data assets, and the design and stewardship of defensible, scalable, and secure AI archichitectures and implementations. The SVP will drive innovation in threat modeling and AI security, while maintaining regulatory compliance and operational excellence. A key component of this role will be to proactively address the risks of quantum computing by developing and executing a robust Post-Quantum Cryptography (PQC) readiness strategy. The successful candidate will be a seasoned security executive with deep expertise in AI, data security technologies, regulatory compliance (e.g., GDPR, CCPA, NYDFS, PCI DSS, etc.), and a proven track record of managing complex data security and cryptographic programs within a large, highly regulated financial institution.

Key Responsibilities:

Strategic Leadership

Develop and execute State Street's global strategy for secure AI and data protection, aligned with business objectives and regulatory requirements.

Define and steward secure AI architectures and threat modeling frameworks across the enterprise.

Lead the identification, assessment, and mitigation of risks across enterprise data security, including emerging threats from quantum computing and AI.

Champion security-by-design principles in all technology initiatives, integrating security into application development, infrastructure, and cloud environments.

Data Protection & Governance

Develop and execute a comprehensive data protection strategy for customer, supplier, and product data, with actionable controls and measurable outcomes.

Define, implement, and maintain data protection policies, standards, and procedures, ensuring ongoing compliance and executive sponsorship.

Maintain deep knowledge of global data protection laws and frameworks (GDPR, CCPA, LGPD, NYDFS, PCI DSS, etc.) and industry standards (NIST, COBIT, ISO 27001).

Lead architecture, tooling selection, risk assessment, control design, and implementation for data protection and governance solutions.

Threat Modeling & Defensible Architecture

Establish and mature threat modeling practices for AI, integrating them into architecture and engineering processes.

Oversee the development and implementation of pilot programs and testing for emerging technology security (e.g., Post-Quantum Cryptography migration, AI model governance).

AI Security & Emerging Technology

Manage data protection for AI/Generative AI initiatives, including data governance for models, data provenance, and model risk considerations.

Stay abreast of emerging threats and technologies, proactively enhancing State Street's security posture in areas such as quantum computing, AI, and cloud security.

Collaborate with architecture and engineering teams to evaluate and integrate suitable security solutions for emerging technologies.

Operational Excellence & Program Management

Oversee the design, implementation, and management of data security controls: DLP, data classification, encryption, tokenization, masking, database activity monitoring, and cloud data security posture management.

Drive controls automation and governance technology initiatives (e.g., Archer, ServiceNow GRC) to streamline risk management, policy enforcement, and audit readiness.

Integrate GRC with project/portfolio management tools (e.g., Jira, Clarity) for alignment of control requirements and remediation efforts.

Develop and implement incident response plans and procedures, including considerations for "Harvest Now, Decrypt Later" scenarios.

Stakeholder Engagement & Advisory

Serve as a trusted advisor to the CISO, executive leadership, and business units on all matters related to enterprise architecture, data protection, and emerging technology security.

Build strong partnerships with the Chief Data Officer (CDO), Chief Technology Risk Officer (CTRO), Chief Architect, Head of Emerging Technologies and business units to embed security requirements in business processes.

Represent State Street in industry forums, conferences, and regulatory discussions related to data security and emerging technologies.

Analytics, Insights & Decision Support

Deliver measurable dashboards and KPIs/KRIs that drive action and provide insights into the effectiveness of security controls and architecture for AI and data programs.

Synthesize input from diverse stakeholders to develop practical, scalable solutions and recommendations.

Team Leadership & Development

Build, mentor, and lead high-performing teams of architects, engineers, and analysts, fostering expertise in AI security, data protection, and emerging technology security.

Drive talent development, succession planning, and cross-functional collaboration.

Qualifications:

Education

Bachelor's degree in Computer Science, Information Security, or related field; Master's degree highly preferred.

Relevant industry certifications (e.g., CISSP, CISM, CDPSE, CIPP/E, CRISC, certifications in cryptography or architecture) are highly desirable.

Experience

Minimum of 15+ years of progressive experience in information security and enterprise architecture, with at least 8-10 years in senior leadership roles within large, complex organizations.

Extensive experience in data protection, information lifecycle management, and data governance within regulated, global enterprises (banking/financial services preferred).

Proven experience in developing and implementing enterprise-wide security and architecture strategies and programs.

Deep technical understanding of data security technologies, architectures, and cryptographic infrastructure, including PQC readiness.

Experience with cloud security (AWS, Azure, Google Cloud Platform) and securing data in cloud environments.

Broad expertise in cybersecurity frameworks and industry standards (NIST, COBIT, FFIEC, ISO 27001, etc.).

Skills & Characteristics

Exceptional leadership, communication, and interpersonal skills.

Ability to translate complex technical concepts into clear, actionable insights for technical and non-technical audiences.

Strategic thinker with a results-oriented approach and foresight to anticipate future threats.

Demonstrates the ability to drive organizational change with clear sponsorship, wide adoption, and measurable impact.

Proactively develops new skills and capabilities beyond current comfort zones.

What We Offer:

The opportunity to play a pivotal role in securing a leading global financial institution, addressing one of the most significant emerging cyber threats.

A challenging and rewarding work environment with significant impact.

Competitive salary and comprehensive benefits package.

Opportunities for professional growth and development, particularly in cutting-edge areas like quantum security.

A collaborative and supportive team culture.

Salary Range:
$225,000 - $337,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street's comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.