Cyber Exercise Program Lead

Who we are looking for

The Cyber Exercise Program Lead will be a member of the Offensive Security team within the Global Cyber Security (GCS) group. The Cyber Exercise Program Lead will develop, execute, and evaluate exercises and workshops that address the priorities established by executive leadership. These exercises provide the organization the opportunity to shape planning, assess and validate capabilities, and address areas for improvement. This person must be comfortable leading their security initiatives across a large, diverse, and complex global financial environment.

What you will be responsible for

• Develop Cyber Exercise Program procedures that align with State Street Policies and Standards and that leverage U.S. government Homeland Security Exercise and Evaluation Program (HSEEP) guidance.
• Develop, execute and evaluate approximately multiple cyber workshops and exercises annually to identify opportunities for improvement to the enterprise's security framework.
• Work with other teams to identify opportunities for improvement and recommend ways to improve security capabilities.
• Design threat scenarios based on threat intelligence, and State Street's IT systems, procedures and teams.
• Develop all materials required for exercises and workshops, including: executive requirements memorandum, situational manuals, participant invitations, facilitation materials, after action reports, and remediation plans.
• Thoroughly document all phases of exercises and workshops, including: scope, plan, findings & recommendations, and remediation plans to satisfy audit requirements.
• Support the creation of hardening guidance, detection rules, security alerts and other security solutions for addressing opportunities for improvement.
• Assist with resolution of regulatory findings, and implementation of remediation plans.

What we value

These skills will help you succeed in this role

• Developed, executed and evaluated multiple cyber security exercises of varying complexity and scope.
• Knowledge of relevant frameworks and concepts, including: MITRE ATT&CK & D3FEND, the diamond model, the intelligence cycle, U.S. Department of Defense Joint Exercise Life Cycle (JELC), U.S. Department of Homeland Security Homeland Security Exercise and Evaluation Program (HSEEP), and U.S. Cybersecurity & Infrastructure Security Agency (CISA) Tabletop Exercise Packages (CTEPs).
• Extensive experience writing defensible exercise documents that withstand audit scrutiny and have driven organizational improvement.
• Strong organizational, task switching, and prioritizing skills.
• Ability to work independently and solve challenging problems with stakeholders.
• Knowledge of common vulnerabilities and exposures (CVE) programs.
• Attention to detail
• Collaboration and influencing
• Working professionally with confidential information
• Presentation skills, both orally and written
• Professional approach to communicating complex and contentious ideas and solutions in simple terms to a broad audience.

Education and Preferred Qualifications

• Bachelor's Degree in a relevant subject, including business, information technology, cybersecurity, engineering, and communications.
• 3+ years of Cyber Event Coordination experience or equivalent
• 3+ years of developing, executing and evaluating exercises.
• Experience in a financial services organization.
• Experience in cybersecurity operations.
• Training and certification in planning and executing exercises.
• Advanced Microsoft Office skills.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on U.S. jobs at StateStreet.com/careers

Read our CEO Statement

Salary Range:
$120,000 - $187,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.