Principal, Technology Risk Management

Job Description

  • Directs the strategic technology risk program within a business area, multiple business areas and/or across regions while advising on and guiding technology risk management on appropriate risk and control frameworks specific to each area or region, governance, policies, methods, standards, processes and reporting.
  • Develops the strategy for interpreting and enforcing technology risk policies pertaining to the assigned area, areas or regions.
  • Directly influences the development of the organizational technology risk management framework and strategy, and collaborates with other risk management leaders to prioritize global risks, identify areas to create business value, streamline technology development and identify areas where additional technology risk training is needed.
  • Anticipates, communicates and addresses impacts from changes to the framework.
  • Is extensively familiar with, and adept at influencing, the assigned business area, multiple business areas and/or regions to drive the enforcement of technology risk policies, standards and regulatory requirements.
  • Applies expert understanding of control and risk management concepts, security systems and applications in order to interpret the technology risk needs of the assigned business area, areas or regions and communicates relevant information, risk management policies, procedures and guidelines.
  • Directs the business area, areas or regions' technology risk and control environment initiatives.
  • Applies expert thought leadership and extensive experience with area or regional laws and regulations to the management of existing and anticipated technology risks.
  • Directs application risk analyses and comprehensive risk assessments.
  • Assigns project tasks to more junior professionals.
  • Develops training on effective technology risk management and establishes the schedule for routine training refreshes across business areas and regions.
  • Interprets and uses advanced data and reporting from numerous sources to deliver presentations to business unit leadership and global technology risk management.
  • Performs the highest complexity analyses and identifies trends using an expert understanding of technology risk metrics (KRIs, KPIs).
  • Influences the establishment of business unit and/or business partner area KPIs that ensure compliance with legal and regulatory requirements.
  • Responsible for building a highly effective technology risk culture and establishing and communicating technology risk policies, procedures and guidelines.
  • Advises the business leadership and technology risk managers on appropriate use of technology risk support tools to develop technology risk policy content.
  • Uses industry knowledge and extensive experience to influence the choice of tools used by the organization.
  • Leads remediation activities for highly complex technology risk issues for the assigned business area, areas or regions and assigns tracking tasks to more junior professionals.
  • Activities often have potentially significant monetary consequences for the organization.
  • Enforces adherence to existing controls and compliance with laws and regulations and identifies opportunities for control methodology revisions.
  • Communicates technology risk matters to global senior business management and regional management.
  • Uses relationships to drive compliance with the technology risk management framework and ensure implementation of all necessary technology risk management improvements and recommendations.
  • Enforces a consistent global approach to technology risk management execution and reporting.
  • Develops the architecture, design and implementation methods for the network security architecture and relevant security controls for the business area, areas or regions in partnership with senior IT roles.
  • Determines the needs for adjustments and improvements and takes full ownership of internal and external IT projects and applications for technology risk issue management projects.
  • Ensures adherence to security policies, industry best practices and security controls. Facilitates reviews following the completion of projects to identify security breaks and complete remediation.
  • No direct reports; provides guidance to more junior team members and assigns tasks. Directs the achievement of team objectives. Modified based upon local regulations/requirements.  


  • Bachelor's degree or the equivalent combination of education and experience is required.
  • 10-12 years of total work experience preferred. Experience in Technology, Information Security and/or technology risk preferred.
  • Knowledge of security systems and applications preferred. At least one security clearance preferred.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.

Primary Location: United States-New York-New York
Internal Jobcode: 85302
Job: Risk
Organization: Risk-HR06016
Requisition Number: 2001315