Who We Are:
Charles River Development (CRD) is the FinTech division of State Street.
Together with State Street's Middle and Back-office services, Charles River's cloud-based Front Office technology forms the foundation of the State Street Alpha Platform, the first front-to-back solution in the industry. Industry momentum has seen CRD grow over 135% in headcount over the last 5 years, and we continue to grow.
As a digital innovation leader, we invest in our solutions, processes, systems, and talent. The CRD / Alpha Platform Engineering organization is innovating and transforming the platform by moving away from monolithic software to next-generation cloud-based technology that leverages Microsoft Azure, Kafka, Snowflake, etc.

Position Summary:
Be an integral part of an agile organization and contribute to the security of our products.
As a Security Compliance Associate, you will be supporting the application security functions to ensure all required risk management controls are identified, documented, communicated and implemented for all products developed in Charles River Development (CRD) / Alpha Platform.
In this role, you will have the opportunity to work and collaborate with other security functions such as Security Architecture and Security Engineering teams and gain knowledge around secure application development and design.
You will have the opportunity to help improve the current state model of how we do things today within the Secure SDLC space and bring in innovative solutions to improve our ways of working while keeping risk management at the forefront of our goals.

Responsibilities:
Provide support for internal and external audits including regulatory compliance reviews.
Support the documentation efforts to keep the Procedures up to date and reflective of the Enterprise Policies and Standards.
Keep track of and ensure timely closure of issues and findings with appropriate remediation activities.
Work closely with risk management teams and other security functions to communicate and implement process changes as necessary.
Identify areas of improvement in risk reporting and operations and develop ways to increase efficiency and effectiveness of existing processes.
Perform periodic control testing and evidence collection to support risk objectives.
Work with CRD Engineers to spread awareness of vulnerability management goals and requirements.
Develop and improve processes to efficiently manage the use of third-party libraries in our products.

Education:
B.S. degree (or foreign education equivalent) in Computer Science, Engineering, Mathematics, Physics, or other technical course of study required.

Qualifications/Experience:
Knowledge of risk management and application security concepts as well as Secure Software Development Lifecycle (SSDLC).
Knowledge of industry standards and regulatory requirements such as NIST 800-53, DORA, GDPR, CCPA is desirable.
Certifications such as ISO 27001 Lead Auditor, CISA, SSCP are a plus.
Strong written and verbal communication skills.
Strong analytical and problem-solving skills.