BNY Mellon Careers

SrPrin, Tech Risk Mgmt (Director, Security Architecture)

New York, New York

Job Description

Primary responsibilities include:

Performs technology risk threat assessments of large and complex  technology initiatives

Participate and represent Technology Risk Management in the development and approval of technology architecture patterns as part of the architecture review board

Assess and participate in future technology projects and designs, ensuring the identification of technology risks and the agreed upon controls and mitigating initiatives

Ensure technology designs are effectively implemented

Serves as Technology Risk Management lead for significant Technology projects, ensuring quality oversight end-to-end risk status

Consult with Technology to understand technology risks, and ensure quality control designs to address those risks  

Directs less experienced professionals in supporting strategic Technology Risk through the completion of highly complex analyses on technology domains. Directs the global strategic technology risk program within a business area, multiple business areas and/or across regions while advising on and guiding technology risk management and leadership on appropriate risk and control frameworks specific to each area or region, governance, policies, methods, standards, processes and reporting. Directs the development of and may deliver the strategy for interpreting and enforcing technology risk policies pertaining to the assigned area, areas or regions. Independently develops the organizational technology risk management framework and strategy, and collaborates with other risk management leaders to prioritize global risks, identify areas to create business value, streamline technology development and identify areas where additional technology risk training is needed. Anticipates, communicates and addresses impacts from changes to the framework and influences solutions. Is extensively familiar and adept at influencing the assigned business area, multiple business areas and/or regions to drive the enforcement of technology risk policies, standards and regulatory requirements. Leads the development and maturation through expert subject matter expertise of technology control and risk management concepts, security systems and applications in order to interpret the technology risk needs of the assigned business area, areas or regions and communicates relevant information, risk management policies, procedures and guidelines. Directs the business area, areas or regions' technology risk and control environment initiatives. Leads through industry thought leadership and extensive experience with area or regional laws and regulations in order to manage existing and anticipated technology risks. Independently directs complex risk analyses and comprehensive risk assessments. Assigns project tasks to more junior professionals while directing their work for successful outcomes. Leads and designs training on effective technology risk management and drives the schedule for routine training refreshes across business areas and regions. Interprets and leads analyzes of highly complex data and reporting from numerous sources to deliver presentations to business unit leadership and global technology risk management. Performs the highest complexity analyses and identifies trends using an expert understanding of technology risk metrics (KRIs, KPIs). Leads the establishment of business unit and/or business partner area KPIs that ensure compliance with legal and regulatory requirements. Develop and leads overarching macro KRI and KPI analysis and maturation at the global, regional, country and entity levels. Responsible for building a highly effective technology risk culture and establishing and communicating technology risk policies, procedures and guidelines. Directs the business leadership and technology risk managers on appropriate use of technology risk support tools to develop technology risk policy content. Uses industry thought leadership and extensive experience to drive the frameworks, tools and approaches used globally and locally by the organization. Directs remediation activities for highly complex technology risk issues for the assigned business area, areas or regions and directs tasks to more junior professionals. Ensures strong linkage and correlation of risk activities and the potentially significant monetary consequences for the organization. Leads and demonstrates through evidence indicating adherence to existing controls and compliance with laws and regulations and identifies opportunities for control methodology revisions. Directs the delivery of communications on technology risk matters to global senior business management and regional management. Uses senior executive and mid-management relationships to drive compliance with the technology risk management framework and ensure implementation of all necessary technology risk management improvements and recommendations. Enforces a consistent global approach aligned to internal and external reporting regimes for technology risk management execution and reporting. Owns and leads the architecture, design and implementation methods for the network security architecture and relevant security controls for the business area, areas or regions in partnership with senior IT roles. Determines the needs for adjustments and improvements and takes full ownership of internal and external IT projects and applications for technology risk issue management projects. Responsible for adherence to security policies, industry best practices and security controls. Responsible for reviews following the completion of projects to identify security breaks and complete remediation. Directs technology risk analyses on large, complex projects, mergers, acquisitions, and divestitures. Provides expert analysis and challenges on various high-risk due-diligence activities. No direct reports; provides guidance to more junior team members and assigns tasks. Directs the achievement of team objectives. Modified based upon local regulations/requirements.  


Bachelor s degree or the equivalent combination of education and experience is required. 12-15 years of total work experience preferred. Experience in Technology, Information Security and/or technology risk preferred. Knowledge of security systems and applications preferred. At least one security clearance preferred.

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark:

Risk and Compliance provide risk and compliance services across all BNY Mellon businesses. Organizationally, Risk and Compliance includes the following groups: Risk Management, Compliance, Global Corporate Security, Information Risk Management and Global Business Continuity. Risk Management oversees and delivers risk services and ensures new business risks are reviewed and approved. Risk Management is organized through Chief Risk Offices for each core business and critical operation. Risk managers provide shared support to BNY Mellon for operational risk services for Global Corporate Trust, Depositary Receipts, Treasury Services and Global Operations in EMEA. Compliance helps ensure BNY Mellon's businesses maintain appropriate processes to comply with applicable laws, regulations, BNY Mellon policies and ethics. This is accomplished through business- and business partner-specific teams of professionals, under centralized global management.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New York-New York
Internal Jobcode: 85303
Job: Risk
Organization: Technology Risk Mgmt-HR06032
Requisition Number: 1810178