* Leads the development of a cybersecurity framework and design processes to consume the framework and measure the result
* Performs ISO 27001 security assessments of applications, infrastructure and/or business processes
* Supports the ISMS risk assessment and/or audit
* Provides IT areas and the businesses with professional support to address gaps identified during assessments
* Evaluates new and current risk issues identified through the BNYM risk assessment, exceptions to policy and audit/regulatory processes, and works with the business and/or SIROs to create risk treatment requirement (RTR) remediation to close out the gap(s) found
* Prepares for and supports the annual ISO 27001 certification reviews by external auditors
* Supports functions of Senior Information Risk Officer in Information Security Division, follows up with service owners for action items, and communicates with risk/audit teams
* Prepares and delivers reports and presentations to multiple levels of management.
* Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations to improve the overall risk level
* Ensures that all significant security concerns identified are addressed
* Contributes to the achievement of area objectives
* Manages multiple ongoing projects and relationships while responding to unplanned, critical needs.
* Interacts with senior members of the Company, external parties and senior business partners. Ability to develop and retain relationships is important, in addition to oral and written communications skills. Teamwork and management are critical.
* Familiarity with various information security/privacy frameworks or standards (e.g., NIST Cyber Security Framework, GDPR, FFIEC, etc.) a plus
* Familiarity with risk governance tools used for the risk assessment process and/or other regulatory assessments would be a plus
* Should be a self-learner and must keep him/herself updated with the latest threats and vulnerabilities researched/discovered
* Excellent verbal and written communication skills
Sr. Specialist Information Security Analyst: Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure.
Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations. Provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities. Ensures that all significant security concerns are addressed. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.
* Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred
* 8-10 years of experience in cyber security assessment, information security or related technology experience required
* Experience with the industry security standard including performing assessments and participating in certification process
* Experience in the securities or financial services industry is a plus.
* Security certification is likewise beneficial, such as CISSP, CISM or ISO 27001 Lead Implementer, etc.
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New York-New York
Internal Jobcode: 45155
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1908820
About BNY Mellon
The Bank of New York Mellon Corporation (also known as BNY Mellon) is an investment company that provides investment management, investment services, and wealth management.