BNY Mellon Careers

Senior Specialist, Information Risk

Washington, District of Columbia

Job Description

Information Risk - IC3

Ensures internal controls related to information risk management are sound and effective and drives the implementation of new controls. Possesses understanding of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and supporting legislation such as the Federal Information System Modernization Act of 2014 (FISMA). Possesses an understanding of Security Operations solutions, including but not limited to Tenable SecurityCenter, Trustwave DbProtect, Splunk. Analyzes reports generated on variable frequency from a variety of security solutions to provide timely risk reporting to management. The candidate is able to build queries, alerts, reports and dashboards with Security Information and Event Management (SIEM) solutions such as Splunk. Displays the ability to collaborate with team members (technical and non-technical) to ensure issues are addressed and relevant technical risk information is collected. Makes recommendations on remedial actions to address any identified weaknesses from implemented SIEM solutions and supporting vulnerability scanning tools.

Assigned business/business partner areas are typically medium to large in size and moderately complex. Incumbents demonstrate a breadth of knowledge of information risk management best practices and a thorough understanding of control and risk management concepts. Recognized as the information risk point of contact and subject matter expert within the assigned business/business partner areas. Assists more senior team members and management with governance, prioritization and execution of information risk programs within the business/business partner area. Contributes to the establishment of risk strategy for the business/business partner area and is responsible for ensuring the implementation of that strategy. Leverages risk control techniques to achieve business objectives.
Contributes to the development and sustention of a risk-aware culture and mindset among employees, contractors and service providers. Addresses risk-awareness issues with contractors and temps to ensure they reach an appropriate level of awareness of security issues and their responsibilities. Enforces and communicates risk-related policies, practices and guidelines. Leads or co-leads the execution and delivery of business information risk management initiatives specific to a business/business partner area. Contributes to reducing the likelihood of negative reputational and regulatory due to non-compliance with the Bank's information risk management policies and standards, including local procedures specific to the assigned business/business partner areas.

Begins to build strategic relationships to influence at all levels of the organization. Liaises with other business units, operations, technology, legal and compliance staff. Collaborates with other stakeholders to develop and implement consensual decisions. As necessary, partners with business continuity coordinators to develop disaster test scenarios and methods for managing the resulting hypothetical issues.

Supervises, motivates and guides more junior Information Risk roles. No direct reports. Provides technical advice/guidance to less experienced Information Risk roles as needed. Responsibilities are primarily limited to assigned business/business partner areas. However, tasks may produce cross-regional impacts.



Bachelor’s Degree or the equivalent combination of education and experience is required. 5-7 years of experience in information risk preferred. Experience in financial services is preferred. Certified Information Security Management (CISM) or Certified Information Systems Auditor (CISA) security certification preferred.



BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-District of Columbia-Washington
Internal Jobcode: 70345
Job: Risk
Organization: CM - Control Risk Compliance-HR06112
Requisition Number: 1903643