BNY Mellon Careers

Senior Specialist, Technology Risk Management

Wroclaw, Poland
Risk


Job Description

Team Overview:

 

The role forms part of the Technology Risk Management (TRM) organisation at BNY Mellon. TRM is divided into functional teams globally.

The department’s remit includes:

  • Risk Assurance
  • Policy & Awareness
  • Regulatory & Compliance
  • Metrics & Reporting

This role forms part of the Risk Assurance team. 

 

 

Job Purpose:

 

The Senior Specialist is the most senior non-manager role in the TRM Poland team. The role's main responsibilities are:

  • Driving the interpretation and enforcement of technology risk policies across the business and evaluating its technology risks.
  • Supporting development of an end-to-end technology risk picture of BNYM Services and key technology initiatives.
  • Contributing to the development of the organizational technology risk management framework and strategy, and collaboration with other subject matter experts to determine appropriate methods, policies and procedures for enforcing adherence to the framework.
  • Second line of defense Risk Acceptance for new, changed and existing systems in accordance with the BNY Mellon Information Security Policies, Standards and Procedures.
  • Works with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
  • Project Consultancy for new, changed and existing systems in accordance with the BNY Mellon Information Security Policies, Standards and Procedures.
  • Works with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
  • Ad-hoc requests for TIR support/guidance
  • Attending key meetings across the organization
  • Working with our Vendor Technology Risk / Third Party Governance teams to help assess risks at service providers and vendors.
  • Being a leader for less experienced team members
  • Horizontal Assessments – Assessing risks in relation to a particular theme or technology across the organization. Examples could be assessments on the firewall change process, applications processing >$5m per day, applications hosted in the cloud etc.
  • Vertical Assessments – Assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment on our remote working solution (including infrastructure, applications, data, threats etc.) or our Internet connectivity.

Responsibilities: (Key parts to the job role)

  • Leading major technology risk and control effectiveness initiatives, projects and assessments.
  • Supporting management of major technology risk initiatives pertaining to Cyber Security, IT Security Architecture, Information and Data Management, Information Protection, IT Asset Management, Incident Management, and others.
  • Supporting team heads in managing the department. 

Qualifications

Must have:

  • Demonstrated ability to deliver
  • IT Risk experience (+5 years) and/or
  • InfoSec experience (+5 years)
  • Excellent stakeholder management and communication (verbal and written) skills – demonstrated ability to influence a global organization at a senior-most management level
  • Natural curiosity and confidence with a willingness to respectfully challenge stakeholders
  • Leadership and time management skills
  • At least one information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)

Requirements:

  • Strong experience in a Technology Risk, Information Security or an IT Audit role;
  • A professional qualification, relevant to Information Security (such as MSc, CISSP or CISM);
  • A thorough understanding of Risk Assessment approaches and methodologies;
  • A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs, etc.;
  • Experience of formal document creation, such as the creation of presentations, reports or procedures;
  • Experience of carrying out risk reviews, technology audits or other similar work;
  • Thorough understanding of the ISO 2700X series of standards and guidelines; and
  • Strong MS Office skills (core applications).
  • Other professional qualifications/memberships, relevant to Information Security (Institute of Information Security professionals, CISA or QICA).
  • Previous managerial experience would be an asset.

Good to have:

  • IT Audit experience
  • Frameworks and best practices knowledge (NIST, ISO 27000, OWASP etc.)
  • Project Management experience

 

 

If you apply for this role this means you agree with the following statement:

 

Through my application for a role with BNY Mellon (Poland) sp. z.o.o. (the Company) I hereby authorize the Company to process my personal data for the purposes of recruitment. Furthermore I declare that I am aware of the voluntary submission of data and I am informed about the right to access the data and the right to correct it, pursuant to the Personal Data Protection Act of 29 August 1997 (Journal of Laws [Dz.U] No. 133, item 883). I authorise the Company to process my personal data for future recruitment processes.

Furthermore, I authorize BNY Mellon and its affiliates, Taleo (UK) Limited to process my personal data.

BNY Mellon and affiliates registration details:

BNY Mellon (Poland) sp. z.o.o Registered office – Swobodna 3, 50-088 Wroclaw

The Bank of New York Mellon (International) Limited – 1 Canada Square, London, E14 5AL

The Bank of New York Mellon SA/NV – 46 Rue Montoyerstraat, B-1000 Brussels, Belgium

Taleo (UK) Limited Registered office – 78-586 Chiswick High Road, London W4 5RP, United Kingdom

Please note that during the recruitment process you may be asked to provide further information and supporting documents. The information provided may be verified and reviewed, to the extent permitted by the law, as to their veracity and accuracy.


BNY Mellon is an Equal Employment Opportunity Employer.

Primary Location: Poland-Dolnoslaskie-Wroclaw
Job: Risk
Internal Jobcode: 85301
Organization: Technology Risk Mgmt-HR06032
Requisition Number: 1817707