Senior Group Manager, Information Security - Vulnerability Management Global Lead

Job Description

As a global investments company, BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. Every day, our Technology employees make this happen while also seeking out new ways to do it more efficiently and effectively.

As part of BNY Mellon’s global Technology organization, you will have the opportunity to engage with some of the best and brightest technology/business/financial minds to find new and better ways to exceed our clients’ expectations and build the future of financial services. With more than 230 years of industry leading experience under our belts, you might even say that we are the original fintech.


At BNY Mellon, Cyber Security is a top priority for both technology and the business. The members of the Information Security Division are on constant alert using their creativity and knowledge of cyber security, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, our teams collaborate to respond to current risks while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security).  


We offer a robust set of cyber services that provide full-scope protection and response capabilities across the BNY Mellon enterprise. We help our businesses, the bank’s executive team, and our board of directors understand cyber security risk and the steps to take to create and maintain a secure environment that drives innovation.


The Role

As part of our Information Security Division leadership team, we are looking for our Vulnerability Management Global Lead. You will be responsible for identifying, prioritizing and tracking vulnerabilities. You will drive vulnerability management, including the maintenance, upgrading, and strategy of a comprehensive enterprise vulnerability management program.


You will be the Information Security Senior Resource who interacts with all areas of our Technology teams, and you will continue to develop a set of mature security standards and best practices for identifying, prioritizing, and driving remediation of known vulnerabilities. You will be skilled at empowering our organization to understand risk, develop effective strategies and effectively safeguard our brands.


In this leadership role, you will focus on developing, designing and implementing vulnerability management technologies and processes within a large international banking brand. As a Senior Leader, you will manage, oversee, and direct a team of highly technical security specialists that proactively probe our infrastructure and network for vulnerabilities and security threats. These security assessment activities are guided by the latest threats and evolving cyber security risks.

You will have a wide breadth of knowledge across security products, tools, and industry trends, along with the ability to create solutions using a pragmatic, risk-based approach.


Key Responsibilities:

  • Assess security threats and vulnerabilities using structured methodologies such as NIST, working across the Information Technology organization to design and implement vulnerability management processes that drive down existing vulnerabilities.
  • Work across the Information Technology organization to design and implement best practices for proactively ensuring new products and services are rolled out in a vulnerability-free manner.
  • Through enterprise wide analytics and on-going collaboration, provide the Information Security Division the ability to combine the threat intelligence, research, best practices, and leadership to perform fact based risk and decision analysis when addressing general and specific security threats.
  • Provide thought leadership on emerging threats, working closely with the Technology teams to implement short-gap remediation activities and compensating controls to reduce risk while identified vulnerabilities are being addressed
  • Define resource, training, and technology requirements to ensure the success of the team’s mission.
  • Maintain and evolve a mature set of vulnerability management processes covering all areas of technology.
  • Consolidate application and infrastructure vulnerabilities into one risk focused view to help guide senior management risk and remediation decisions.
  • Develop, build and implement a mature and robust set of metrics and reports
  • Responsible for operation of vulnerability assessment tools, scanning, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
  • Analyze security events and engage with the Technology teams and Business units to resolve identified vulnerabilities within SLAs.
  • Identify and resolve any false positive findings in assessment results.
  • Partner with Security Governance to ensure appropriate visibility
  • Oversee Remediation Activities such as management of tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with vendors and support teams.
  • Validate remediation by reviewing vulnerability results and providing status updates
  • Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
  • Oversee the development and execution of Ethical Hack and penetration testing plans, reporting and tracking of findings
  • Partner closely with the Governance, Risk and Compliance teams
  • Collaborate with other senior leaders in ISD organization to ensure security standards and needs are being assessed for new and existing initiatives.
  • Build and Manage Roadmap and Strategy for the Vulnerability Management team.


Sr. Group Manager, Information Security: Manages multiple teams responsible for organization data protection. Oversees and develops policies regarding CTS security architecture, security monitoring and auditing, incident reporting/response and forensics. Leads and oversees broad information security projects and resourcing. Liaises with business process owners to ensure ongoing alignment. Participates in the planning and implementation of security for complex CTS projects. Evaluates security applications and systems. Presents recommendations on whether to use systems to senior management. Demonstrates advanced ability to conduct cost-benefit analysis to justify investment in security and/or COB controls to mitigate risks. Presents advanced analyses to senior management with recommendations aligning customer/business needs and capabilities. Evaluates new and emerging products and technologies, recommending which technologies to implement, develops functional specifications and documentation. Monitors budgets and schedules for projects conducted by teams and ensures they are completed in a timely manner. Recruits, directs, motivates and develops staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team. Manages multiple information security teams. Contributes to the achievement of multiple teams' objectives.



  • Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
  • 12+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
  • Experience in Information Technology with a focus on Vulnerability Management positions including Vulnerability scanning, VM metrics, risk assessment and reporting, ethical hack and pen testing.
  • Solid understanding of Operating system security concepts
  • Understanding of malware, emerging threats, attacks, and vulnerability management
  • Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
  • Ability to work in a fast-paced team environment
  • Ability to develop detailed process and procedure documentation
  • Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST with a demonstrated ability to engage with technical and business professionals
  • Ability to present complex solutions and methods to both technical and non-technical stakeholders
  • Excellent written and verbal communication and organizational skills
  • Strong team player who collaborates well with others to solve problems
  • Working knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance
  • Knowledge of products which discover and provide risk assessment scanning tools, risk analytics, etc.
  • Exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives
  • Fluency in LANs, WANs, VPNs, routers, firewalls, and IDS/IPS systems
  • Strongly detail oriented and results focused
  • Must be authorized to work in the United States

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New York-New York
Internal Jobcode: 45316
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1907831