We made risk management agile. We believe that unrestricted collaboration and continuous conscious reprioritization are key to effective execution, so we took an innovative approach to risk management applied agile practices to manage our daily work.
Here your work makes impact every day. Non-hierarchical organization supports free-flowing communication and empowers employees to take initiatives. Your voice is heard and your actions seen.
You are the right fit for this role if you:
Have the skills in risk identification and management of process across all aspects of Technology.
Have ability to maintain the effectiveness of enterprise -wide information security strategy including related programs, processes and initiatives.
- Assessing the current adequacy of the security strategy, business continuity/disaster recovery plans, threats to systems, and then calculating the impact of potential adverse events.
Audits and assessments mut be continual, sas the threat profiles change constantly.
Ensures management are kept up to date on the results of the risk assessment and make recommendations for mitigations, or projects to protect their systems or cover potential losses.
Continually improve the quality of the risk management – through evaluation of communication security, data vulnerability, business continuity and compliance risks.
Self-identification of risks even before it occurs
Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
Identify vulnerabilities or weaknesses in systems
Examine employee compliance with security controls and deficiencies
Evaluate security policy, processes and procedures for completeness
Ensure that controls are adequate to protect sensitive information systems
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
Provide mitigation/damage reduction proposals
7+ years of total experience in IT Risk and/or InfoSec
Significant knowledge in 2 or more: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
Proficiency in written and spoken English (It would be a plus if the candidate understands another Asian language – Mandarin/Japanese) to support the APAC Business segments
- Excellent time management skills
- Drive to execute
Excellent stakeholder management and communication (Verbal and written) skills
Confidence to respectfully challenge stakeholders
- Ability to quickly adopt to quick changes
- Ability to summarize complex technology issue
- IT Audit experience
- Project Management experiment
Information risk and/or security qualification (CISSP, CRISC, CISM or equivalent
BNY Mellon is an Equal Employment Opportunity Employer.
Primary Location: Singapore-Singapore-Singapore
Job: Information Technology
Internal Jobcode: 60157
Organization: Clearing Markets ISS Svcs Tech-HR16624
Requisition Number: 1905999