Vacancy expired!
Overview
Principal Technology Risk and Control
Who we are: For over 235 years, Bank of New York Mellon (BNY Mellon) has been at the center of the global financial markets, providing the world's leading institutions the tools, capabilities, and services to be distinctive investors. BNY Mellon has approximately $16.5 billion in revenues and a 23% return on tangible common equity. BNY Mellon is a leader in the world of investment services and investment management, and our businesses support the full range of stakeholders of the financial system including:
- Managing the custody of approximately $37 trillion financial assets of the world's leading institutional investors, hedge funds, sovereign wealth funds, and corporates
- Investing approximately $2 trillion as one of the largest global asset managers across a wide range of asset classes
- Providing collateral, liquidity, and funding for the world's largest banks through our markets franchise
- Serving family offices and high net worth individuals through our wealth management franchise
- Providing a full suite of solutions to advisors, broker-dealers, family offices, hedge and '40 Act fund managers, registered investment advisor firms and wealth managers
- Advising large global corporations on a range of trust and other solutions
- Providing integrated managed data services to asset managers
- Have the skills in risk identification and management of process across all aspects of Technology and cyber related risks and controls.
- Have the ability to support the effectiveness of enterprise-wide information security strategy including related programs, processes, and initiatives.
- Have the ability to provide consultative guidance around sound risk management practices, frameworks (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) to technology and business stakeholders in order to guide them through managing risks within the risk appetite thresholds.
- Have the knowledge and ability to monitor and assess the potential impact of technology and information security emerging technologies, laws, regulations, and/or policies on the Asset servicing operations and business.
- Assess the adequacy of the security strategy, business continuity/disaster recovery plans, and threats to systems, and then calculate the impact of potential adverse events for Asset Servicing technology.
- Assist with management and coordination of Audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding process for documenting self-assessment evidence and records retention practices.
- Implement continuous control monitoring on behalf of the 1st line of defense and understand that assessment must be continual, as the risk profiles change constantly.
- Ensure management is kept up to date on the results of the risk assessment and make recommendations for mitigations, or projects to protect their systems or cover potential losses.
- Continually improve the quality of the risk management - through evaluation of communication of security, data vulnerability, business continuity and compliance risks.
- Self-identification of technology and cyber risks even before they occur
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
- Identify vulnerabilities or weaknesses in systems and facilitate collaborative sessions to remediate these issues.
- Examine employee compliance with security controls and deficiencies, escalating issues to Information Security and business contacts, as appropriate.
- Evaluate security policy, processes, and procedures for completeness
- Work with business leads and information security to ensure that controls are adequate to protect sensitive information systems
- Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
- Provide thought leadership on mitigation/damage reduction proposals
- Manage and resolve escalations focused on delivering consistent stakeholder satisfaction and responsiveness.
- Participate as a Technology point of contact for robust technology risk and control support and engagement activities on technical incidents / risk / controls matters with the aim of reducing risk and increasing resiliency in operational processes.
- Identify technology risk (e.g. End of Life) proactively and address it through a structured delivery plan along with the regional service owners.
- Bachelor's degree or equivalent combination of education and work experience required. 10-12 years of total work experience preferred.
- Experience in the securities or financial services industry is a plus. CISA, CISSP or CRISC and ISACA certifications preferred. N/A. Contributes to the achievement of area objectives.
- 10 to 12 years of total experience in IT Risk and/or Information Security
- Experienced team player with the ability to work independently to organize, manage and complete projects within tight deadlines
- Significant knowledge in 2 or more: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
- Analytical skills with the ability to provide practical solutions for effective risk management
- Results oriented and assertive (ability to tackle challenging situations)
- Excellent stakeholder management and ability to communicate (verbal and written) with different levels of seniority as well as able to communicate technical issues in business language within a global organization
- Confidence to respectfully challenge stakeholders
- Ability to quickly adapt to quick changes
- A self-motivator who has a solid track record of local and regional delivery in a global organization
- Prior experience in dealing with regulators in the Asia Pacific Region
- Experience in the securities or financial services industry
- IT Audit experience
- Project Management experience
- Information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)
- ID: #23469237
- State: Pennsylvania Pittsburgh 15201 Pittsburgh USA
- City: Pittsburgh
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2021-11-25
- Deadline: 2022-01-23
- Category: Security