Encryption Program Analyst, AVP, Hybrid

About The Position

Requirements

• Strong proficiency in Python, PowerShell, Bash, or Java.
• Understanding of cryptographic algorithms (AES, RSA, ECC), hardware security modules (HSMs), and secure key storage practices.
• Experience working in financial institutions or other highly regulated industries.
• Hands-on Experience with key management systems (Fortanix, ASW KMS, Azure Key Vault, OCI KMS).
• Experience with Kubernetes, Terraform, Ansible, Chef, and CI/CD automation.
• You have multiyear (>4 years) experience within Cybersecurity including SecOps, Cloud Security, and secure architecture.
• Bachelor's Degree in Computer Science/Engineering, related discipline, or equivalent work experience.
• Familiarity with NIST 800-57, PCI DSS, FIPS 140-2/3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645).
• Hybrid work environment conforming to State Streets in office requirements based on location.

Nice To Haves

• Certifications such as CISSP, CISM, AWS Security Specialty, HashiCorp Certified Vault Associate or CCSK.

Responsibilities

• Implement and maintain the enterprise cryptographic strategy, ensuring alignment with security, compliance, and business objectives.
• Define and maintain key lifecycle management processes and procedures, including key generation, rotation, revocation, and decommissioning for cloud, on-premises, and IoT environments.
• Support the deploy of centralized Key Management Systems (KMS), including cloud-native KMS (AWS KMS, Azure Key Vault, OCI KMS), and enterprise HSMs
• Ensure robust data encryption methodologies are applied to data stored in databases, applications, and IoT connected devices.
• Collaborate with cloud security and DevSecOps teams to integrate encryption and key management into CI/CD pipelines and Infrastructure as Code (IaC) deployments.
• Develop IoT encryption frameworks to secure IoT devices.
• Support the integration of encryption solutions into applications, databases, cloud services, IoT platforms, and enterprise infrastructure.
• Collaborate with application security, infrastructure, and DevSecOps teams to embed cryptographic security controls into software development and deployment processes.
• Support post-quantum cryptography (PQC) readiness by evaluating and preparing for emerging threats to encryption security.
• Ensure compliance with NIST 800-57, PCI DSS, FIPS 140-2/3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645).
• Developing governance frameworks for encryption and cryptographic key management, including policies for key storage, access control, logging, and auditing.
• Conduct risk assessments, vulnerability testing, and security reviews for cryptographic implementations, IoT ecosystems, and cloud security controls.
• Act as a key stakeholder in security audits, regulatory assessments, and IoT security standardization efforts.
• Provide Technical support and training to internal teams on encryption best practices, cloud security, and IoT security.
• Stay ahead of advancements in cryptographic algorithms, quantum computing risks, and emerging IoT security frameworks.
• Drive innovation in encryption automation, integrating key management with DevSecOps, and Infrastructure as Code (IaC).

Benefits

• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
• For a full overview, visit https://hrportal.ehr.com/statestreet/Home.