BNY Mellon Careers

Manager Control Assessment – Senior Risk Practitioner

Florham Park, New Jersey; Pittsburgh, Pennsylvania; New York, New York

Job Description

Technology Monitoring and Control (TMC) supports BNY Mellon’s critical resiliency priorities by monitoring the design, implementation and operation of controls that reinforce the integrity, security and resiliency of technology development and operations.   TMC drives 1st Line of Defense Technology Risk Management and Technology Operational Risk, leads Technology Policy Management, delivers metrics reports on technology risks and controls, assesses critical infrastructure, applications and services, monitors associated controls, drives governance and oversight of risk remediation associated with cybersecurity, third-party governance, stability, and incident management, including disaster recovery and supports the design and execution of technology and information risk programs.  GENERAL SUMMARY

Responsible for managing the Control assessment process for the BNY Mellon Technology. Working closely with application development and infrastructure teams, candidate will lead team to perform in-depth control assessments to determine control effectiveness. The candidate will also identify opportunities for automation of control assessments and implement the same. As a senior member of the team, the candidate will provide technical expertise, communicate findings to senior audiences, and review control assessment reports. Mentors staff and ensures assessment process is adhered to within the team.



  • Identify Key Controls for assessment

  • Determine control objective and come up with assessment strategy

  • Determine data elements and representative sample

  • Perform technology Control assessments of applications & platforms using defined model and industry best practices

  • Play an advisory role for control design and implementation

  • Report and communicate the results of Control assessments to senior management and stakeholders

  • Collaborate with Control owners to select and align recommended responses

  • Act as the Subject Matter Expert and provide the needed awareness and training

  • Research and assesse new threats and security alerts and recommend controls for emerging technologies


Manages and coordinates the Control assessment process. Ensures quality result reporting by performing reviews of published Control assessment reports. Trains and mentors more junior staff members to ensure quality of output and growth of individuals.


Group Manager, IT Risk Management->> Manages a medium to large-sized or multiple small teams responsible for identifying, analyzing, monitoring, and minimizing areas of risk that pertain to information technology. Ensures coordination of all matters with disaster recovery and data security teams. Directs and oversees the preparation of risk reports for review by multiple business areas and CTS management. Leads and contributes to policies for documenting existing control procedures. Analyzes documentation for evidence of successful and efficient performance. Manages complex projects that involve working with the businesses to improve controls to mitigate any deficiencies. Ensures controls meet regulatory and organization standards.Uses in-depth knowledge of information technology and market trends to determine potential risks to the organization. Manages analysis and draws conclusions in order to recommend and direct any resulting change needed to mitigate risk. Recruits, directs, motivates and develops staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team. Manages one or more risk management teams. Contributes to the achievement of team objectives.


Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.   10+ years of related experience required.   Experience in the securities or financial services industry is a plus.   ISACA certifications preferred.

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark:

Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New Jersey-Florham Park
Internal Jobcode: 45289
Job: Risk
Organization: IT Risk Mgmt-HR14924
Requisition Number: 1716470