BNY Mellon Careers

Senior Specialist, Technology Risk Management

Wroclaw, Poland

Job Description

Overview Of BNY Mellon:   BNY Mellon is a global financial services company focused on helping clients manage and service their financial assets, operating in 35 countries and serving more than 100 markets. BNY Mellon is a leading provider of financial services for institutions, corporations and high-net-worth individuals, providing superior asset management and wealth management, asset servicing, issuer services, clearing services and treasury services through a worldwide client-focused team.  



Technology Risk Management

Technology Risk Management is a part of the Chief Risk Office, which is the Bank’s second line of defense. TRM partners with business lines to enable technology solutions whilst helping BNY Mellon to effectively manage cyber and information technology risks.


We made risk management agile. We believe that unrestricted collaboration and continuous conscious reprioritization are key to effective execution, so we took an innovative approach to risk management and applied agile practices to manage our daily work.


Here your work makes impact every day. Non-hierarchical organization supports free-flowing communication and empowers employees to take initiative. Your voice is heard and your actions seen.


Continuous development is important to us. We support our employee careers through professional development trainings, stretch goals and feedback culture.



Job Purpose:


Senior Specialist is the most senior, non-manager role in TRM Poland team. The role main responsibilities are:

  • Driving the interpretation and enforcement of technology risk policies across the business and evaluating its technology risks.
  • Supporting development of End-to-end technology risks picture of BNYM Services and key technology initiatives.
  • Contributing to the development of the organizational technology risk management framework and strategy, and collaboration with other subject matter experts to determine appropriate methods, policies and procedures for enforcing adherence to the framework.
  • Second line of defense Risk Acceptance for new, changed and existing systems in accordance with the BNY Mellon Information Security Policies, Standards and Procedures.
  • Works with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
  • Project Consultancy for new, changed and existing systems in accordance with the BNY Mellon Information Security Policies, Standards and Procedures.
  • Works with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
  • Ad-hoc requests for TIR support/guidance
  • Attending key meetings across the organization
  • Working with our Vendor Technology Risk / Third Party Governance teams to help assess risks at service providers and vendors.
  • Being a leader for less experienced team members
  • Horizontal Assessments – Assessing risks in relation to a particular theme or technology across the organization. Examples could be assessments on the firewall change process, applications processing >$5m per day, applications hosted in the cloud etc.
  • Vertical Assessments - Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity.


Responsibilities: (Key parts to the job role)

  • Leading major technology risk and control effectiveness initiatives, projects and assessments.
  • Supporting management of major technology risk initiatives pertaining to Cyber Security, IT Security Architecture, Information and Data Management, Information Protection, IT Asset Management, Incident Management, and others.
  • Supporting team heads in managing the department. 


Must have:

  • Demonstrated ability to deliver
  • IT Risk experience (+5 years) and/or
  • InfoSec experience (+5 years)
  • Excellent stakeholder management and communication (verbal and written) skills – demonstrated ability to influence a global organization at a senior-most management level
  • Natural curiosity and confidence with a willingness to respectfully challenge stakeholders
  • Leadership and time management skills
  • At least one information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)


  • Strong experience in a Technology Risk, Information Security or an IT Audit role;
  • A professional qualification, relevant to Information Security (such as MSc, CISSP or CISM);
  • A thorough understanding of Risk Assessment approaches and methodologies;
  • A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs, etc.;
  • Experience of formal document creation, such as the creation of presentations, reports or procedures;
  • Experience of carrying out risk reviews, technology audits or other similar work;
  • Thorough understanding of the ISO 2700X series of standards and guidelines; and
  • Strong MS Office skills (core applications).
  • Other professional qualifications/memberships, relevant to Information Security (Institute of Information Security professionals, CISA or QICA).
  • Previous managerial experience would be an asset.

Good to have:

  • IT Audit experience
  • Frameworks and best practices knowledge (NIST, ISO 27000, OWASP etc.)
  • Project Management experience


What we can offer you:

  • Full time contract of employment
  • Competitive salary
  • Health & Life Insurance
  • Multisport card / Cinema Tickets / Nursery subsidiary
  • Pension scheme
  • Excellent opportunities for training, growth and professional development
  • Opportunities to engage in diverse projects due to growth of business migrations
  • A multitude of opportunities to get involved in additional charity projects
  • A collaborative culture and great teams


If you apply for this role this means you agree with the following statement:


Through my application for a role with BNY Mellon (Poland) sp. z.o.o. (the Company) I hereby authorize the Company to process my personal data for the purposes of recruitment. Furthermore I declare that I am aware of the voluntary submission of data and I am informed about the right to access the data and the right to correct it, pursuant to the Personal Data Protection Act of 29 August 1997 (Journal of Laws [Dz.U] No. 133, item 883)”. I authorise the Company to process my personal data for future recruitment processes.

Furthermore, I authorize BNY Mellon and its’ affiliates, Taleo (UK) Limited to process my personal data.

BNY Mellon and affiliates registration details.-

BNY Mellon (Poland) sp. z.o.o Registered office – Swobodna 3, 50-088 Wroclaw

The Bank of New York Mellon (International) Limited – 1 Canada Square, London, E14 5AL

The Bank of New York Mellon SA/NV – 46 Rue Montoyerstraat, B-1000 Brussels, Belgium

Taleo (UK) Limited Registered office - 78-586 Chiswick High Road, London W4 5RP, United Kingdom,

Please note that during the recruitment process you may be asked to provide further information and supporting documents. The information provided may be verified and reviewed, to the extent permitted by the law, as to their veracity and accuracy.

BNY Mellon is an Equal Employment Opportunity Employer.

Primary Location: Poland-Dolnoslaskie-Wroclaw
Job: Risk
Internal Jobcode: 85301
Organization: Technology Risk Mgmt-HR06032
Requisition Number: 1817707