BNY Mellon Careers
Principal Information Security Analyst - Forensics
At BNY Mellon, cybersecurity is a top priority for both technology and the business. The members of the Information Security Division are on constant alert, using their creativity and knowledge of cybersecurity, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security). Together with the CISO and his leadership team, staff provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise. We help our businesses, the bank’s executive team, and our board of directors understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation.
The Forensic Senior Investigator role supports the Information Security Manager driving the strategic forensic response program within ISD while providing guidance to the Information Risk Analysts and stakeholders within the business units which s/he supports. S/he must demonstrate proven forensic skills and be the point of contact and subject matter expert for forensic investigations across all business and business partners. S/he will oversee the design and implementation of the forensic infrastructure and develop and maintain a 3-5 year plan for expansion and growth. The Senior Investigator will make recommendations, provide roadmaps for service offerings and tool selections, and champion the development and implementation of key metrics (KRIs, KPIs), with management oversight. S/he will provide oversight and monitoring functions to ensure compliance with all internal and external audits and reviews and manage relationships with external vendors and service providers. S/he will partner with other Forensic Investigators in conducting expert level forensic investigations in support of Corporate Security, Legal and HR related events. The Forensic Senior Investigator must be able to work across global regions and communicate security and information risk matters effectively to their senior management. The Forensic Senior Investigator reports to the ISD manager within their department.
- Perform expert level digital forensic investigations across multiple platforms throughout the global organization.
- Oversee the design and implementation of the forensic infrastructure and develop and maintain a 3-5 year plan for expansion and growth. Make recommendations and provide roadmaps for service offerings and tool selections. Champion the development and implementation of key metrics (KRIs, KPIs), with management oversight.
- Point of contact and subject matter expert for forensic investigations across all business and business partners.
- Serve in a leadership role in interfacing with business units.
- Provide oversight and monitoring functions to ensure compliance with all internal and external audits and reviews.
- Manage relationships with external vendors and service providers.
- Provide expert witness testimony in court proceedings as required and/or review detailed and comprehensive investigative reports that may be utilized for criminal/civil litigation. Spearhead the development of customized reporting.
Principal Information Security Analyst: Consults on a senior level and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations. Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles. Addresses high risk security concerns or incidents. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.
- S/he should have solid MS Office skills along with strong verbal and written communication skills and stakeholder management experience.
- S/he should have the ability to facilitate requirements gathering and be able to communicate risk mitigation strategies, and track remediation. Understanding of Industry Best Practices in forensic investigations as well as working knowledge (i.e., NIST, ISO, CoBIT, OWASP, ITIL) is required.
- S/he must possess technical writing skills. Related experience in technology Information Security, and Information risk or another related business area is required.
- S/he must possess an excellent knowledge of security systems and be able to enforce and communicate related policies, procedures and guidelines. Certification as a Forensic Investigator and knowledge of mobile device forensic products (e.g. Cellebrite, MPE) with advanced knowledge of file systems and the Windows registry is required.
- Project and/or Program Management experience is preferred, e.g. to support maintaining and updating product road maps. Staff development & talent management experience is required.
- Candidate must have strong judgment and excellent analytical, communication and problem-solving skills as well as advanced technical skills and the ability to apply subject matter expertise to address information risk vulnerabilities within the areas supported.
- EnCE (EnCase/OpenText – EnCase Certified Examiner)
- ACE (AccessData – AccessData Certified Examiner)
- CFCE (IACIS - Certified Forensic Computer Examiner)
- CHFI (EC-Council – Computer Hacking Forensic Investigator)
- GCFA (SANS – GIAC Computer Forensic Analyst)
- GCFE (SANS – GIAC Computer Forensic Examiner)
- GREM (SANS – GIAC Reverse Engineering Malware)
- GASF (SANS – GIAC Advanced Smartphone Forensics)
Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred. 10-12 years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New York-New York
Internal Jobcode: 45183
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1815861