BNY Mellon Careers

Sr.Spec'st Info Sec A'lyst-Cloud Governance Strategy

New York, New York; Pittsburgh, Pennsylvania; Florham Park, New Jersey
Information Technology

Job Description

Sr. Specialist Information Security Analyst: Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations; provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities. Ensures that all significant security concerns are addressed. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.

Seeking a Cloud Security Governance Analyst who thrives being at the forefront of emerging and disruptive technology solutions and working collaboratively within integrated, cross-functional technology teams to deliver against a comprehensive Cloud Framework that enables Cloud Governance and leads to Cloud transformations. Maintains the effectiveness of enterprise-wide information security strategy including related programs, processes and initiatives. Assists in consulting with the business and operational infrastructure personnel regarding new and existing technologies and appropriate security architectures, practices and procedures. Reviews and analyzes more complex data and information to provide insights, conclusions and actionable recommendations; produces advanced reports, analyses, findings, etc. Works closely with IT infrastructure and software engineering applications development to ensure integrity of security procedures, systems, and policies. Works to ensure proper completion of all risk assessments within policy and procedures. Contributes to the achievement of related teams' objectives. Must be comfortable with collaboration as they will interface with leaders to improve the quality of decision making to drive continuous operational improvement.


Core Job Responsibilities:

  • Initiate, review, and decision, as necessary, a review activity that it believes may expose BNY Mellon to excessive risk, including, for example, potential additions of new activities.

  • Work closely with subject matter experts to develop and deliver a complete security architecture solution.

  • Lead technical analysis and recommendations (e.g. evaluate and select vendor security products based on functional, security and operational requirements; review and comment on security architecture).

  • Produce high quality documentation (e.g. Architecture Specifications, System Requirements, Roadmaps, White Papers) to accurately capture and communicate business drivers, technical requirements, system design, and future plans, and provide thought leadership at the enterprise level.

  • Compare and evaluate various private, hybrid, and public cloud technologies and tools for technical, functional and financial feasibility.

  • Perform InfoSec risk and control assessments and report on risks to risk owners, recommend mitigation strategies and manage risks through their lifecycle.

  • Build awareness and accountability around IT governance, risk, and compliance control functions.

  • Articulate InfoSec risk into business terms while engaging with stakeholders, product owners, and software engineers.

  • Monitor and track exception to policies (ETP) while collaborating with the security operations team to develop and maintain a dynamic and real-time enterprise Risk Register and/or dashboard.

  • Serve as liaison to business units, legal and vendor management and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions, data privacy).

  • Partner with and support the Engineering team to drive and execute results in a timely manner.



  • 3-5+ years of experience with information security or cyber risk assessment.

  • 4+ years of experience in IT infrastructure product and service control management; policies and standards, business readiness, exceptions management or alignment to the enterprise compliance and risk management accountabilities.

  • Expertise in cloud architecture (SaaS, IaaS and PaaS) and security fundamentals including containers, software-defined networks, high availability design, multi-cloud, and serverless computing.

  • Application experience migrating to or building natively in a cloud environment including monolithic applications, microservices, and functions as a service.

  • Experience with Windows and Linux operating systems.

  • Experience with network architecture, network security, and TCP/IP.

  • Experience with a broad range of application architectures, languages, and financial services technologies a plus.

  • Strong analytical skills for defining strategy, operating model and mitigating potential issues with an effective change management plan.

  • Ability to work independently; Ability to prioritize and multitask. Flexibility and adaptability in work approach.

  • In-depth understanding of PCI DSS, ISO 2700x as well as industry security frameworks.

  • Advanced knowledge of risk assessment design and delivery; Knowledgeable of governance, risk and compliance systems.

Bachelor's degree in computer science or a related discipline, or equivalent work experience, required; advanced degree preferred. 8-10 years of experience in information security or related technology experience required. Experience in the securities or financial services industry is a plus.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New York-New York
Internal Jobcode: 45155
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1906670