BNY Mellon Careers

SrSpec, Tech Risk Mgmt (Penetration Tester/Ethical Hacker)

Pittsburgh, Pennsylvania

Job Description

This is a penetration testing position that requires experience in testing applications and infrastructure in a web-facing environment utilizing tools such as (but not limited to) Burp Suite Pro, WebInspect, AppScan, Nessus, Core Impact and Nipper. Professional certifications, such as CEH, CWAPT, GPEN, GXPN, GMOB, GWEB and OSWP, are highly regarded.



Drives the strategic technology risk program within a business area, multiple business areas and/or across regions while advising on and guiding technology risk management tasks completed by senior business managers and professional technology risk staff. Drives the interpretation and enforcement of technology risk policies pertaining to the assigned area, areas or regions. Contributes to the development of the organizational technology risk management framework and strategy, and collaborates with other subject matter experts to determine appropriate methods, policies and procedures for enforcing adherence to the framework - as appropriate for each business area or region - and determining impacts from changes to the framework. Is extensively familiar and adept at influencing the assigned business area, multiple business areas and/or regions to drive the enforcement of technology risk policies, standards and regulatory requirements.


Applies broad, deep understanding of control and risk management concepts, security systems and applications in order to interpret the technology risk needs of the assigned business area, areas or regions and communicates relevant information, risk management policies, procedures and guidelines. Applies understanding of and extensive experience with area or regional laws and regulations to the management of existing and anticipated technology risks.

Independently facilitates application risk analyses and comprehensive risk assessments. Assesses and determines the business area, areas or region's need for additional training and support on technology risk management. Interprets and uses advanced data and reporting from numerous sources to deliver presentations to business unit and/or business partner area leaders and management. Performs the highest complexity analyses and identifies trends using an advanced understanding of technology risk metrics (KRIs, KPIs). Directly contributes to the establishment of business unit and/or business partner area KPIs that ensure compliance with legal and regulatory requirements.

Drives efforts to promote a highly effective technology risk culture and to enforce and communicate technology risk policies, procedures and guidelines. Advises the business management and technology risk managers on appropriate use of technology risk support tools to develop technology risk policy content. Uses industry knowledge to influence the choice of tools used by the organization.


Bachelor's degree or the equivalent combination of education and experience is required. 7-10 years of total work experience preferred. Experience in Technology, Information Security and/or technology risk preferred. Knowledge of security systems and applications preferred. At least one security clearance preferred.

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark:

Risk and Compliance provides risk and compliance services across all BNY Mellon businesses. Organizationally, Risk and Compliance includes the following groups: Risk Management, Compliance, Global Corporate Security, Information Risk Management and Global Business Continuity. Risk Management oversees and delivers risk services and ensures new business risks are reviewed and approved. Risk Management is organized through Chief Risk Offices for each core business and critical operation. Risk managers provide shared support to BNY Mellon for operational risk services for Global Corporate Trust, Depositary Receipts, Treasury Services and Global Operations in EMEA. Compliance helps ensure BNY Mellon's businesses maintain appropriate processes to comply with applicable laws, regulations, BNY Mellon policies and ethics. This is accomplished through business- and business partner-specific teams of professionals, under centralized global management.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-Pennsylvania-Pittsburgh
Internal Jobcode: 85301
Job: Risk
Organization: Technology Risk Mgmt-HR06032
Requisition Number: 1804147