Drives the strategic technology risk program within a business area, multiple business areas and/or across regions while advising on and guiding technology risk management tasks completed by senior business managers and professional technology risk staff. Drives the interpretation and enforcement of technology risk policies pertaining to the assigned area, areas or regions. Contributes to the development of the organizational technology risk management framework and strategy, and collaborates with other subject matter experts to determine appropriate methods, policies and procedures for enforcing adherence to the framework - as appropriate for each business area or region - and determining impacts from changes to the framework. Is extensively familiar with, and adept at influencing, the assigned business area, multiple business areas and/or regions to drive the enforcement of technology risk policies, standards and regulatory requirements.
Applies broad, deep understanding of control and risk management concepts, security systems and applications in order to interpret the technology risk needs of the assigned business area, areas or regions and communicates relevant information, risk management policies, procedures and guidelines. Directs the business area, areas or regions' technology risk and control environment initiatives. Applies understanding of and extensive experience with area or regional laws and regulations to the management of existing and anticipated technology risks.
Independently facilitates application risk analyses and comprehensive risk assessments. Assigns project tasks to more junior professionals. Assesses and determines the business area, areas or region's need for additional training and support on technology risk management. Interprets and uses advanced data and reporting from numerous sources to deliver presentations to business unit and/or business partner area leaders and management. Performs the highest complexity analyses and identifies trends using an advanced understanding of technology risk metrics (KRIs, KPIs). Directly contributes to the establishment of business unit and/or business partner area KPIs that ensure compliance with legal and regulatory requirements.
Drives efforts to promote a highly effective technology risk culture and to enforce and communicate technology risk policies, procedures and guidelines. Advises the business management and technology risk managers on appropriate use of technology risk support tools to develop technology risk policy content. Uses industry knowledge to influence the choice of tools used by the organization.
Executes remediation of highly complex technology risk issues for the assigned business area, areas or regions and assigns tracking tasks to more junior professionals. Enforces adherence to existing controls and compliance with laws and regulations and may assess opportunities for control methodology revisions.
Serves as the primary point of contact for technology risk matters for the assigned business area, areas or regions and provides an expert level of written and verbal support to stakeholders. Applies influence to ensure the availability of technology risk input requirements, to build consensus on risk mitigation and remediation strategies among global and regional stakeholder groups and to ensure they are prepared for the business impacts from changes to technology risk policies and standards.
Reviews the architecture, design and implementation of network security architecture and relevant security controls for the business area, business areas or regions and decides on the need for adjustments and improvements. Directs information security improvement projects and/or reviews and approves or rejects submissions from IT groups for future projects. Facilitates reviews following the completion of projects to identify resulting security breaks and complete remediation.
No direct reports; provides guidance to more junior team members and assigns tasks, as needed.
Contributes to the achievement of team objectives.
Modified based upon local regulations/requirements.
Qualifications: Bachelor's degree or the equivalent combination of education and experience is required. 7-10 years of total work experience preferred. Experience in Technology, Information Security and/or technology risk preferred. Knowledge of security systems and applications preferred. At least one security clearance preferred.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-Pennsylvania-Pittsburgh
Internal Jobcode: 85301
Organization: Technology Risk Mgmt-HR06032
Requisition Number: 1910109