Group Manager, Information Security (EMEA)

Job Description

For over 230 years, the people of BNY Mellon (BNYM) have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNYM can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNYM remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNYM across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. 

BNYM Technology provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. BNYM Technology provides employees with the tools and resources to enhance their professional qualifications and careers. Our competence lies in bringing together the finest talent in the market and seamlessly integrating technology, strategy and innovative methodologies to craft customized solutions for our clients.

As part of BNYM Technology, Information Security Division (ISD) is tasked with safeguarding the Bank and ensuring that we operate safely and securely, protecting our business, our clients, and our colleagues from the potential impacts of information security threats.

Role Overview:

The Bank of New York Mellon SA/NV is seeking an established information security professional for a role in a complex, challenging and rewarding environment. We are recruiting for a Group Manager, Information Security to provide information security subject matter expertise in the operating context of our legal entities across the EMEA region, to monitor and assess the service delivery to the legal entities, and to provide challenge and influence on behalf of the legal entities to the global information security programme. This is an excellent opportunity to establish a new role, build important relationships across the region, and drive the information security agenda.

Role Description:

The successful role holder will:

• Have primary responsibility to the legal entities in region, ensuring that the delivery of the global information security programme is fit for purpose and that any issues with the delivery are assessed and communicated to the relevant stakeholders;

• Have primary responsibility to the legal entities in region to assess their specific information security requirements against the global information security programme and, as necessary, see that those needs are communicated and satisfactorily addressed;

• Developing an understanding of the business direction and priorities, opportunities and challenges to prioritise regional, and as necessary global, information security focus;

• Maintain a direct reporting line to the Chief Information Officer (CIO) of the Bank of New York Mellon SA/NV, and a dotted reporting line to the Head of Information Security EMEA;

• Prepare information security reports and briefings for, and present as and when necessary, to relevant legal entity stakeholders including but not limited to: Technology Risk and Governance Fora, Business Risk Committees, Executive Committees and Boards;

• Drive continuous improvements in the quality and value of the information security reporting and communications to the legal entities;

• Partner with Risk Management, Legal, Compliance and Regulatory Affairs teams to understand and communicate any new/emerging regulations that may impact information security programme delivery to the legal entities;

• Provide a legal entity view of any necessary regional information security policies and standards and provide feedback on global policies and standards which may conflict with regional regulations;

• Work with legal entity representatives to ensure that existing and new business processes are compliant with information security policies and standards. Constructively challenging existing processes where necessary;

• Support the Head of Information Security EMEA with the execution and delivery of any legal entity specific ISD projects;

• Work closely with global ISD and Technology teams to ensure that the relevant threat landscape is properly assessed and communicated, that interests are secured against the prevailing information threats, and that the legal entities’ security posture meets or exceeds accepted industry standards and expected best practice;

• In consultation with the SA/NV CIO, Office of the EMEA CIO and the Head of Information Security EMEA, assist in the development, management and maintenance of an effective legal entity information security governance framework;

• Provide a legal entity point of contact to the Information Security Incident Response process and participate in incident and investigation resolution as necessary;

• Perform other duties as required from time to time by the Head of Information Security EMEA and the SA/NV CIO.


The successful candidate is likely to come from a technology, security specialist or engineering background but will also possess the well-developed communications and influencing skills necessary to simplify potentially complex issues and communicate them to legal entity stakeholders.

• Experience of information security including but not limited to: security operations, threat intelligence, incident response, security monitoring, information risk and compliance;

• Demonstrable ability to develop relationships with senior stakeholders, both business and technology, across complex business and legal entity structures;

• Good understanding of information security (both technical and business-focused);

• Understanding of the regulatory environment in which the regional legal entities operate;

• Knowledge of, and demonstrable experience working with, IT security controls, information security regulations, and risk management;

• Hands-on knowledge of industry standard frameworks (ISO 2700x, NIST CSF), best practices (OWASP, CSA, etc.), and regulations (MIFID2, PSD2, GDPR, etc.);

• Remains informed on trends and issues in the Information Security space, including current and emerging technologies;

• Ability to interpret and present complex information security information to a range of audiences, both technical and non-technical and at all levels of the organisation.

Qualifications Required for this Role:

• An under-graduate (e.g. BSc) degree in computer science or a related discipline, or equivalent work experience, is required; a graduate degree (e.g. MSc) is desirable; 

• At least three (3) to five (5) years of working in an Information or IT Security department, or equivalent technology experience, is required; 

• A background in Financial Services, or another highly regulated sector, is highly desirable; 

• One or more recognised (and current) professional information security certifications would be beneficial, such as CISM, CISSP, CRISC, or CISA.

BNY Mellon is an Equal Employment Opportunity Employer.

Primary Location: Ireland-Dublin-Dublin
Job: Information Technology
Internal Jobcode: 60287
Organization: Information Security-HR11724
Requisition Number: 1916478