Director Vulnerability Management Jobs (NOW HIRING)

Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP * Background working within at least one compliance framework (for example ...

SOC Vulnerability Management ACAS Lead - Senior

Fairfax, VA · On-site

$105K - $143K/yr

... directing scan planning, execution, validation, and reporting across supported ARNG enterprise ... Coordinate vulnerability management activities with SOC functions and enterprise cyber operations ...


Director Vulnerability Management information

What are some common challenges faced by a Director of Vulnerability Management, and how can they be addressed?

A Director of Vulnerability Management often encounters challenges such as prioritizing remediation efforts among numerous vulnerabilities, coordinating across multiple teams, and keeping up with rapidly evolving threat landscapes. Addressing these challenges requires strong communication skills to align IT, security, and business stakeholders, as well as implementing effective vulnerability assessment tools and processes. Building a culture of continuous improvement and staying updated with the latest cybersecurity trends can also help in proactively managing and mitigating risks.

Can I make $200,000 a year in cyber security?

A Director of Vulnerability Management can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and leadership responsibilities. Salaries vary by industry, location, and company size, but senior cybersecurity roles often reach or exceed this level for experienced professionals.

Can you make $500,000 a year in cyber security?

A Director of Vulnerability Management can potentially earn $500,000 annually, especially with extensive experience, advanced certifications, and working in high-paying industries or organizations. Such salaries often include bonuses, stock options, or other incentives. Achieving this level typically requires a combination of technical expertise, leadership skills, and strategic responsibilities.

What does a Director of Vulnerability Management do?

A Director of Vulnerability Management oversees an organization's efforts to identify, assess, and remediate security vulnerabilities in its systems and networks. This role involves leading a team of security professionals, developing vulnerability management strategies, ensuring compliance with industry standards, and collaborating with IT and business units to mitigate risks. The director also communicates security risks to executive leadership and helps prioritize remediation efforts based on potential business impact.

Who is Trump's director of cyber security?

There is no publicly known position titled 'Director of Cyber Security' specifically associated with Donald Trump. In government, cybersecurity roles are typically held by officials such as the Cybersecurity and Infrastructure Security Agency (CISA) Director or National Cyber Director, but these are not directly linked to Trump personally. The role and leadership in cybersecurity within the government can vary depending on administration and organizational structure.

Is 40 too old for cyber security?

Age is not a barrier to becoming a Director of Vulnerability Management or working in cybersecurity. Many professionals successfully transition into cybersecurity roles at various ages, leveraging skills such as problem-solving, technical knowledge, and certifications like CISSP or CISA. Experience and continuous learning are often more important than age in this field.

What are the key skills and qualifications needed to thrive as a Director of Vulnerability Management, and why are they important?

To thrive as a Director of Vulnerability Management, you need a strong background in cybersecurity, risk assessment, and vulnerability management frameworks, typically supported by a bachelor's degree in information security or related fields and relevant certifications like CISSP or CISM. Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus), SIEM platforms, and patch management systems is essential. Exceptional leadership, communication, and strategic thinking skills help coordinate cross-functional teams and drive remediation efforts. These skills and qualities are crucial for proactively identifying risks, ensuring regulatory compliance, and safeguarding organizational assets from cyber threats.

What is the difference between a Director of Vulnerability Management and a Security Manager?

| Aspect | Director Vulnerability Management | Security Manager |
| --- | --- | --- |
| Primary Focus | Overseeing vulnerability assessment and remediation strategies | Managing overall security policies and team operations |
| Certifications | Certifications like CISSP, CISA, GIAC | Certifications like CISSP, CISM, CompTIA Security+ |
| Work Environment | Security teams, vulnerability scanning tools, incident response | Security teams, policy development, risk management |
| Industry Usage | Common in large enterprises with dedicated vulnerability teams | Widespread across organizations managing overall security |

The main difference is that a Director of Vulnerability Management focuses specifically on identifying and addressing security vulnerabilities, while a Security Manager oversees broader security policies and team management. Both roles require similar certifications and work in security-focused environments, but their scope and responsibilities differ.

Testing, Exercising & Vulnerability Management, Managing Director

State Street Global Advisors

Boston, MA

$170K - $252K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 5 days ago


Job description

Role Purpose

The Managing Director leads the firm's global resilience testing, exercising and vulnerability management capability. The role is accountable for establishing the enterprise framework, strategy and annual programme, ensuring a risk-based, regulator-ready approach that identifies vulnerabilities, drives remediation and strengthens resilience across critical business services, functions and third-party dependencies.

The role provides enterprise-wide oversight of testing activities and operates a Centre of Excellence to support consistent execution across business and functional teams, while driving continuous improvement through innovation, automation and AI.

Key Responsibilities

Framework, Strategy & Governance

  • Define and maintain global frameworks, standards, methodologies and controls
  • Establish consistent approaches to scenario design, execution, reporting and remediation
  • Lead the annual testing strategy aligned to critical services, risks and dependencies
  • Ensure robust governance across central and federated testing activities

Global Testing & Exercising Programme

  • Design and deliver a global, risk-based testing programme
  • Ensure coverage across business services, operations, technology, cyber and third parties
  • Oversee full lifecycle of exercises (planning, execution, evaluation, follow-up)
  • Deliver diverse and realistic testing (e.g. crisis simulations, cross-functional exercises, severe-but-plausible scenarios)

Vulnerability Management & Remediation

  • Own identification, analysis and reporting of vulnerabilities from testing activities
  • Ensure actionable remediation plans with clear ownership, timelines and prioritisation
  • Drive root cause analysis and identification of systemic issues
  • Track closure and escalate delays or recurring deficiencies

Centre of Excellence & Advisory

  • Provide standards, tools, templates and guidance across the enterprise
  • Offer expert challenge, advisory and quality assurance
  • Build capability and promote consistency across business-led testing

Policy, Compliance & Assurance

  • Ensure alignment with internal policies, governance and regulatory expectations
  • Partner with risk, compliance and audit functions
  • Maintain audit-ready documentation, reporting and evidence

Innovation, Tooling & AI

  • Drive adoption of automation, workflow tools and AI
  • Enhance data capture, reporting, analytics and action tracking
  • Support a scalable, data-driven testing capability

Emerging Risks & External Developments

  • Incorporate emerging threats, cyber risks and geopolitical developments into scenarios
  • Monitor regulatory and industry practices
  • Continuously evolve methodologies and testing approaches

Stakeholder & Regulatory Engagement

  • Engage senior stakeholders, regulators, clients and third parties
  • Present programme outcomes, vulnerabilities and remediation priorities
  • Drive enterprise ownership, participation and accountability

Leadership

  • Lead and develop a global team of resilience professionals
  • Foster a high-performance, accountable and collaborative culture
  • Build organisational capability across testing, exercising and analysis

Scope of Responsibility

  • Global remit across all business lines, functions, legal entities and jurisdictions
  • Oversight of testing across critical services, operations and third-party ecosystems
  • Accountability for enterprise standards, execution oversight, advisory and remediation governance
  • Engagement with senior executives, regulators and external stakeholders

Experience & Qualifications

  • Senior leadership experience in resilience, testing/exercising, risk or related disciplines
  • Proven experience leading enterprise-wide resilience testing programmes in regulated environments
  • Strong track record in cross-functional and regulator-facing engagement
  • Experience with technology, automation, analytics and AI in resilience
  • Degree required; advanced qualifications or relevant certifications preferred

Knowledge, Skills & Capabilities

  • Deep expertise in resilience testing methodologies and governance
  • Strong understanding of operational resilience and scenario design
  • Ability to translate testing outputs into clear insights and remediation actions
  • Strong executive communication and influencing skills
  • Strategic mindset with strong execution discipline
  • Ability to drive change across complex global organisations

Salary Range:

$170,000 - $252,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street's comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.