BNY Mellon Careers

IRM Manager (Technology Risk)

Oriskany, New York

Job Description

Vendor Technology Risk (VTR), a division of Technology Risk Management, is responsible for the following functions:  governance & oversight, integration with other BNY Mellon departments, and regulatory & industry alignment.  The TRM Manager will primarily be responsible to identify data quality gaps in assessment requests, monitor the progress of vendor risk assessments, maintain evidence of ongoing oversight and challenge, and ensure Line 1 technology risk assessments address existing rules and regulations.  The successful Manager will have a combination of business or technical-related education or 5+ years of related work experience, experience with audit / information risk management / information security, knowledge of industry standards such as ISO 27001, ISO 27108, ISO 22301, NIST Cybersecurity Framework controls, and SOC 2, and an understanding of vendor risk and / or supplier management.  In addition to education and experience, certifications such as CISSP, CISM, CRISC, PMP, or PMI-RMP are valuable.


The Vendor Technology Risk Manager supports the Technology Risk Management Senior Managers driving the strategic information risk program within TRM and business areas supported, while providing advice and guidance to the Vendor Technology Risk Analysts. S/he will assist and support Senior Managers with the development of strategic program elements and provide input to the TRM risk prioritization. S/he must demonstrate a proven knowledge of information, cyber, security, and technology risk concepts with the ability to interpret and enforce BNY Mellon information risk policies and standards, regulatory requirements with the business and business partner areas. S/he will have the aptitude to identify new risks and apply resolutions based on industry best practices and determine and communicate the business impact from changes to information risk policy and standards. S/he would create and execute project work plans on organizational goals, strategies, practices, user projects. Adjusting and revising, as appropriate, to meet the changing needs and requirements of the organization to further add business value, supporting the development and implementation of key metrics (KRIs, KPIs). They would be expected to effectively administer resources to ensure operational effectiveness within the organization, managing work load, project plans, deliverables, and supervising staff members. The Vendor Technology Risk Manager must be able to work across global and regional groups and communicate information risk matters effectively to their senior management. The Vendor Technology Risk Manager reports to the Information Risk Lead / Senior Manager within their department and is expected to deputize for the Information Risk Lead or Senior Manager when required. The direct management of Technology Risk Management Analyst staff will be required on a BAU basis, ensuring their focus on daily tasks to deliver on initiatives.


Bachelor s Degree or equivalent work experience required. Previous risk and audit experience is preferred. A minimum of 7 years' experience, 7-10 years related experience in information risk, information technology and/or technology compliance is preferred.

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark:

Risk and Compliance provide risk and compliance services across all BNY Mellon businesses. Organizationally, Risk and Compliance includes the following groups: Risk Management, Compliance, Global Corporate Security, Information Risk Management and Global Business Continuity. Risk Management oversees and delivers risk services and ensures new business risks are reviewed and approved. Risk Management is organized through Chief Risk Offices for each core business and critical operation. Risk managers provide shared support to BNY Mellon for operational risk services for Global Corporate Trust, Depositary Receipts, Treasury Services and Global Operations in EMEA. Compliance helps ensure BNY Mellon's businesses maintain appropriate processes to comply with applicable laws, regulations, BNY Mellon policies and ethics. This is accomplished through business- and business partner-specific teams of professionals, under centralized global management.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New York-Oriskany
Internal Jobcode: 32952
Job: Risk
Organization: Information Risk Management-HR06032
Requisition Number: 1715684