BNY Mellon Careers
Specialist Information Security Analyst - Cyber Risk Assessment
This position is responsible for leading and assisting in cyber assessments on internal affiliates and third-parties based on the BNYM Cybersecurity Services Model (CSM). Assessments measure compliance with the CSM and identify and quantify any gaps. The assessor is responsible for meeting and interacting with the entities being assessed, conducting the assessments, producing and reviewing assessment artifacts, reviewing remediation plans, and tracking the lifecycle of gaps through closure.
- Execute and support cyber security risk assessments on BNYM affiliates or third-parties
- Validate effectiveness of current controls and identify potential gaps
- Review assessment results for vulnerabilities, gaps, and control deficiencies and work with business stakeholders to establish plans for sustainable resolution
- Document results of assessments and verification activities
- Perform engineering review of security control modification proposals and determine the effectiveness of the proposals while determining their ability to meet BNYM standards
- Ability to speak and understand terminology, especially those related to cybersecurity assurance
- Produce and maintain metrics based on the assessment framework
- Determine potential impact of detected gaps and translate that into risk within the established framework
- Develop situational awareness and stay informed of current technology and vulnerabilities
- Perform any tasks to ensure that the Cyber Assessment Team meets its commitments
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, 6-8 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
Cybersecurity related experience in enterprise architecture or engineering
Working knowledge of security domains, auditing standards and frameworks, and risk analysis frameworks including ISO 27001, NIST Cyber Security Framework, IT-CMF, etc.
Knowledge of domestic and international regulatory requirements as a plus
One or more of the following certifications required; CISSP, CRISC, CISA
Any other security related certification considered a plus (CEH, Security+, etc.)
A broad and diverse security skill-set with advanced understanding of both technical and non-technical controls and the ability to effectively apply this knowledge when performing assessments
- A minimum base knowledge of networking components and various operating systems and cloud environments
- Ability to identify, assesses and document the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that consistently drives objective, fact-based decisions
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate actions
- Ability to understand and communicate the business needs and a commitment to delivering high-quality, prompt, and efficient service to the business
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New Jersey-Florham Park
Internal Jobcode: 45126
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1702842