Principal, Information Risk

Job Description

Information Risk - IC4

Works with senior and corporate management roles to develop controls related to information risk management and ensure their effectiveness. Assigned business/business partner areas are large and highly complex. Incumbents demonstrate extensive knowledge of information risk management best practices and a specialized understanding of the assigned business/business partner area's control and risk management environment. Has a conceptual understanding of the specific risks that exist within the assigned business/business partner area and how these risks may be addressed. Recognized throughout the organization as the information risk point of contact for a particular business/business partner area and business risk appetite.

Assists senior management and may lead the execution and delivery of business information risk management initiatives specific to the business/business partner area. In partnership with management, establishes the risk strategy for the business/business partner area and is accountable for ensuring the implementation of that strategy. Leverages complex risk control techniques to achieve business objectives. Develops and sustains a risk-aware culture and mindset among employees, contractors and service providers. Addresses risk-awareness issues with contractors, temps and more junior team members to ensure they reach an appropriate level of awareness of security issues and their responsibilities. May identify and advise management on existing and potential risk-awareness deficiencies. Leads the execution and delivery of business information risk management initiatives specific to a business/business partner area. May delegate risk management duties to more junior team members.

Develops and leads the implementation of strategies to reduce the likelihood of reputational and regulatory impacts due to non-compliance with the Bank's information risk management policies and standards, including local procedures specific to the business/business partner area. Uses existing strategic relationships to influence at all levels of the organization. Leads negotiations/interactions with other business units, operations and technology, legal and compliance staff. Collaborates with other stakeholders and develops and influences their decisions. Leads work resulting from these decisions. Partners directly with business continuity coordinators to develop disaster test scenarios and methods for managing the resulting hypothetical issues.

Responsible for overseeing the activities of more junior team members and providing guidance to improve their performance. No direct reports. Oversees, advises and guides less experienced Information Risk roles and may direct their work. Responsibilities are primarily specialized to address the information risk management needs of a particular business/business partner area and business risk appetite. However, tasks often produce cross-regional impacts.


Bachelor's degree or the equivalent combination of education and experience is required. 7-10 years of experience in information risk preferred. Experience in financial services is preferred.
Experience with reporting software and working with metrics is desirable. Certified Information Security Management (CISM) or Certified Information Systems Auditor (CISA) security certification preferred.



BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New Jersey-Woodland Park
Internal Jobcode: 70344
Job: Risk
Organization: CM - Control Risk Compliance-HR06112
Requisition Number: 1911397