Sr. Principal Information Security Analyst

Job Description

Who we are:

As a global investments company, BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. Every day, our Technology employees make this happen while also seeking out new ways to do it more efficiently and effectively.

As part of BNY Mellon’s global Technology organization, you’ll have the opportunity to engage with some of the best and brightest technology, business, and financial minds to find new and better ways to exceed our clients’ expectations and build the future of financial services. With more than 230 years of industry-leading experience under our belts, you might even say that we are the original fintech.

At BNY Mellon, cybersecurity is a top priority for both technology and the business. The members of the Information Security Division are on constant alert, using their creativity and knowledge of cybersecurity, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider Threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security). Together with the CISO and his leadership team, staff provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise. We help our businesses, the bank’s executive team, and our board of directors understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation.

What you will be doing:

BNY Mellon is searching for an experienced and diversely skilled information security Leader to head up Cybersecurity for India and to cultivate a culture of shared cyber risk ownership, ensuring the confidentiality, integrity, and availability of all corporate assets. The ideal candidate will bring expertise in all things security to the India team. This is a strategic role that will work closely with Leaders in the US and will be responsible for the India information security policies and practices, governance and reporting, training and awareness, vulnerability and risk assessment and remediation, and business continuity. This role requires a deep technical security skillset and “a hardcore cyber technical generalist skillset” across multiple information security and risk controls that would be part of any large organization’s security program.

Experience should include but not be limited to: Endpoint and server-side controls, information and data protection controls, cloud security controls, understanding of IR and forensic processes, controls and program enhancements, security operations center control stack and maturity, etc. In addition to the technical risk requirements, this individual must also possess an understanding and knowledge of business risk and Information Risk Management (IRM) concepts that relate to defining a security strategy across the firm’s business risk function, which is part of the corporate security program and supports the business service lines. As such, this role will work closely and collaborate a great deal with all corporate security leads, the program management office, Information Risk Management as well as the BNY Mellon information technology teams. This role will require leading and presenting the strategy to the firm’s CIOs and CISO, representing India in the Technical Executive Council, and handling Information Security-related issues for the region. This person should have discipline in communicating regularly and keeping teams and leaders in India and the US aware of issues and region-specific regulatory standings. The candidate must be able to take complex information and technical security concepts, break them down for audiences that may not be technical, and distill them in terms of business risks and requirements. In support of the creation of this strategy, the role will also lead and shape information security initiatives as they relate to the architecture and governance of enterprise security solutions, systems, and applications, working with leads to verify and re-work approaches and strategies as needed. The role will require the candidate to constantly manage the articulation of the vision as well as priorities. Strong presentation as well as PowerPoint and Excel skills will also be required from the candidate.

Sr. Principal Information Security Analyst
  • Provides expertise to the global information security program and provides support for complex components of the company's information security infrastructure 
  • Serves as subject matter expert and leads the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments
  • Consults with high level business and operational infrastructure personnel regarding new and existing technologies 
  • Recommends new security tools to management and reports and provides guidance and expertise in their implementation 
  • Reviews and analyzes highly complex data and information; leads the process of developing reports to provide insights, conclusions and actionable recommendations
  • Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging expert knowledge of globally accepted information security and/or COB principles 
  • Addresses high risk security concerns or incidents 
  • Recommends course of action to mitigate risk and leads process to establish appropriate standards 
  • Contributes to the achievement of Information Security objectives


Who we are looking for:
  • A Bachelor's degree in Computer Science, or related equivalent certification or experience, is required; Master’s Degree in Computer Science, Engineering or related field preferred
  • CISSP, CISM, or other relevant information security industry recognized certification required
  • A minimum of 12 years of progressive information security experience across various information security / information technology risk management domains such as but not limited to: server side and endpoint security strategy, mobile security strategy, data protection, identity and access management, public and private cloud security, and forward-looking risk assessment plans, is required
  • 8-10 years of previous client facing and advisory experience desired. Big4 IT risk management consulting experience a major plus
  • Experience in the securities or financial services industry is a plus.
  • Experience in an information security or risk advisory role for regulated environments
  • Attention to detail and demonstrated organization and prioritization skills are required for success in this role
  • Quality assurance and a keen eye on quality of deliverables is required
  • Demonstrated experience in the evaluation, selection and decision-making as it relates to security controls is strictly required
  • Technical aptitude and critical thinking skills while having the ability to think outside the box to solve complex information security problems
  • Ability to observe security risks and weaknesses and provide security recommendations to respective project and delivery teams
  • Ability to translate technical risk issues and distill such issues to common IT business leaders and upper management
  • Understanding of the current information security and IT risk management solutions market and vendor spaces across broad security domains
  • Subject Matter Expert (SME) across the entire IT stack as well as diverse IT systems, networking and security components, applications, and operating systems. Solid understanding as to how to mitigate risks with common controls
  • Ability to think strategically, exceptional attention to detail and organization skills are strictly required
  • Understanding of information risk management frameworks, regulations, data protection guidelines and standards such as NIST Cyber Security Framework (CSF)
  • Experience transforming organizations and leading large global teams across time zones, cultures and languages
  • Being a strong problem-solver with good communication and collaboration skills
  • Being flexible, a self-starter, and a fast-learner

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark:

Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.

BNY Mellon is an Equal Employment Opportunity Employer.
Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.

Primary Location: India-Maharashtra-Pune
Job: Information Technology
Internal Jobcode: 60208
Organization: Information Security-HR11724
Requisition Number: 2000535