BNY Mellon Careers
Senior Group Manager, Information Security (Head of Information Security, APAC & LATAM)
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart.
Make your mark: www.bnymellon.com/careers
BNY Mellon Technology provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. BNY Mellon Technology provides employees with the tools and resources to enhance their professional qualifications and careers. Our competence lies in bringing together the finest talent in the market and seamlessly integrating technology, strategy and innovative methodologies to craft customized solutions for our clients.
Information security department (ISD) within BNY Mellon Technology protects all our intellectual assets from the prying cybersecurity threats using the best in class processes, technologies and through the finest talents.
- Provide regional vision and strategies necessary to ensure the confidentiality, integrity, and availability of BNY Mellon information assets by communicating information security risks to senior management, creating and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements.
- To support these activities, the head of information security will be collaborating with various internal stakeholders such as technology, risk & compliance, legal, internal audit & business stakeholders as well as external stakeholders such as auditors, regulators, clients and vendors in representing and providing local / regional support for the ISD services thereby contributing to the achievement of overall ISD objectives.
- Leading change, building relationships, managing supply chain, managing finance, leading people and core behaviors (flexibility, pragmatism, initiative, decision making, culture awareness & resilience).
Essential Duties & Responsibilities
- Oversee the establishment and implementation of any necessary country / entity / regional level cybersecurity policies and standards in addition to providing feedback on global policies and standards which may conflict with local regulations.
Partner with risk management and compliance to understand and communicate any new/emerging regulations impacting cybersecurity strategy, processes and procedures. Direct an ongoing, proactive risk assessment program for all new and existing systems and remain familiar with the organization’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
Communicate with multiple teams and executive management to ensure support for the cybersecurity strategy and provide updates to relevant boards and committees where required. Communicate risks and recommendations to mitigate risks to the senior management by communicating in non-technical, cost/benefit terms and in a format relevant to senior management so decisions can be made to ensure the security of information systems and information entrusted to the organization.
Serve in a primary interface and support role in concert with technology risk management, information risk officers for cybersecurity discussions with external stakeholders such as regulators and clients.
Point of contact for local business lines, partners and regulators for the cybersecurity Services Program. Represent regional cybersecurity agenda in the global ISD management meeting through regular forums and relay consistent message across various regional & legal entity oversight committees.
Work closely with the ISD & technology teams that are distributed globally to ensure the landscape is safe, protected against the latest threats and meet best practice & emerging standards in the cybersecurity domains. Lead the execution and delivery of any local/regional ISD projects.
Serve as the regional representative for various verticals within the cybersecurity space such as vulnerability management, cyber incident response, cyber threat intelligence, data leakage prevention, forensics and drive the team to ensure that proper protections are in place. Contribute to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
Develop, manage and maintain an effective cybersecurity governance framework in line with the local regulatory & statutory requirements.
Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the manager, and obtaining certifications relevant to job duties.
The head of information security for APAC & LATAM will have matrix reporting into Managing Director, Cybersecurity Strategy & Architecture and Regional CIO. This role may have direct reports and matrix team members.
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
At least 15 years of extensive experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
Security certification is beneficial, such as CISM, CISSP, CRISC, CISA.
Experience of building and managing successful security teams, covering many different cybersecurity responsibilities including security operations, threat intelligence, incidence response, architecture, and compliance. Managerial responsibilities at this level include a full range of supervisory responsibilities including the responsibility for staffing and performance management as well as budgeting and planning functions.
Proven ability in developing strong partnerships with senior management teams across complex businesses. In-depth understanding of Cybersecurity (technical and governance). Excellent knowledge and experience around security architecture, IT security controls, cybersecurity regulations and risk management.
Hands-on knowledge of industry standard frameworks (ISO 2700x, NIST, CRAF, etc.), best practices (OWASP, CSA, etc.), and regulations (TRM, GDPR, etc.) Hands-on experience with cybersecurity tools will be preferred.
Excellent communication skills & ability to interpret and present complex technical information across all levels of the organization.
BNY Mellon is an Equal Employment Opportunity Employer.
Primary Location: Singapore-Singapore-Singapore
Job: Information Technology
Internal Jobcode: 60316
Organization: Information Security-HR11724
Requisition Number: 1906489