Overview
Bring your ideas. Make history.
BNY Mellon offers an exciting array of future-forward careers at the intersection of business, finance, and technology. We are one of the world's top asset management and banking firms that manages trillions of dollars in assets, custody and/or administration. Known as the "bank of banks" - 97% of the world's top banks work with us as we lead and serve our customers into the new era of digital.
With over 238 years of rich history and industry firsts, BNY Mellon has been built upon our proven ability to evolve, lead, and drive new ideas at every turn. Today, we're approximately 50,000 employees across 35 countries with a culture that empowers you to grow, take risks, experiment and be yourself. This is what #LifeAtBNYMellon is all about.
Want more jobs like this?
Get Software Engineering jobs in Chennai, India delivered to your inbox every week.
We're seeking a future team member for the role of Group Manager Information Security to join our team. This role is located in Pune/Chennai - HYBRID/REMOTE
This position is for a Cybersecurity Operations Leader to supplement the firm's Cyber-Security Monitoring function, and who will act as a "working manager" to both:
(1) Directly supervise and manage a team of SOC Analysts covering 2 shifts (6a-3p and 12:30p-9:30p) and;
(2) regularly demonstrate technical thought leadership when engaging with the SOC Analysts and other Cyber Operations teams
Normal schedule: 45-50 hours, roughly from 9a-6p local + extra hours as required to complete assigned work, on-call duties, and other commitments.
On-Call Duties:
- M-F: 6 hours daily as SOC Escalation Manager: mostly overlaps your normal workday, (e.g. 8a-2p)
- Weekend: 48-hours as On-Call SOC Manager, approx. 15 weekends per year
- Ad Hoc Emergency: 24x7x365 Incident Response On-Call duties.
The supervisory aspects of the role will include but are not limited to responsibility for goal-setting and performance review of staff, staff engagement, training & retention, member scheduling and leave management, expense processing, and workflow, procedure & documentation requirements definition.
The technical thought leadership aspects of the role include (but are not limited to) encouraging and influencing the team, developing formal processes to enable and ensure the effective combination of team, tools and process with regard to incident triage workflow.
The overall team scope includes:
- Manage proper escalation of potential incidents, meeting SLAs and accuracy goals; provide investigative support to other Cyber Operations teams (such as Incident Response, Forensics and Threat Intelligence); ensure accuracy of team annotation in cases and all systems of record.
- Execute and improve evidence-based investigation case notation, process, and attachments, including analysis of network data (e.g., packets, logs), endpoint data (e.g., logs, malicious artifacts) in both structured and unstructured formats, available contextual data (e.g. entitlements, asset inventory) and metadata.
- Engage, improve, and promote best-practices with regard to ongoing reports from SOC analysts. Distill relevant information related to reports and findings and manage appropriate escalation/communications to the Global SOC Manager, Head of Cybersecurity Operations & Resiliency, and the Chief Information Security Officer (CISO).
- Actively support and coordinate with Cybersecurity Leadership / Information Security department on regional priorities including presentation development and Security Monitoring service delivery.
- Execute assigned and identified improvement areas related to reporting and metrics related to Security Monitoring team output by designing dashboards for management review and asset owners.
- Support the SOC Audit Response Team in creating redacted evidentiary artifacts when needed to ensure all audit requests are delivered accurately and on time.
- Work with business-internal application, technology, engineering, and infrastructure owners to expand the scope of log and use case coverage of the Security Monitoring service based on business need and changes in threat landscape.
- Pursue ongoing coverage, quality, and documentation goals with regard to SIEM log ingestion, enrichment, modeling, and correlation; escalate and coordinate log issues to the relevant cyber engineering teams.
- Work closely with the use case development team members to progress strategic and tactical use cases (alert detection rules) according to industry best practices, threat models, and constantly changing attack vectors.
- Ensure the development of Security Orchestration, Automation and Response (SOAR) playbooks to automate and streamline repeatable triage and investigation actions.
- Provide feedback to security control owners to help tune their environments based on the results of triage and investigations.
- Enthusiastically work to improve the quality of Security Monitoring operations.
- Contribute and guide the quality documentation of process and procedures related to team collaboration and security event triage and incident response workflow.
- Ensure the team develops training and technical knowledge of Cyber Next Generation Technologies with a particular focus on Security Monitoring in Public Cloud & Digital Assets
- Prior Security Operations management experience: specifically, responsibility for SIEM correlated-event monitoring, triage, investigation, and escalations.
- 10-12 years of experience in information security management or related technology experience.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience required. Advanced degree preferred. Experience in the securities or financial services industry is a plus.
- Strong verbal and written communication skills, including the ability to provide technical thought leadership on security incident investigation calls with other technology teams, and the ability to translate and simplify complex technical concepts for consumption by non-technical audiences.
- SIEM technologies (Splunk, Security Essentials, SPL, Common Information Model & SE Datamodels)
- Network technologies (NAC, ISD/IPS, WAF, Firewalls, Load Balancing, Switches/Routers, OSI model, IP layers 2-7, PCAP, Netflow, BGP ASN)
- Server technologies (Mainframe, Linux/UNIX, Windows)
- Endpoint technologies (Desktops, Laptops, VDI, Mobile)
- Application protocols (DHCP, DNS, HTTP, TLS, LDAP, SOAP, MQ, REST, FTP, TN3270, etc.)
- Authentication protocols (Kerberos, SiteMinder, JWT, OAUTH2)
- Threat Frameworks (Mitre Att&ck, Lockheed-Martin CyberKillChain)
- Audit & Regulatory Frameworks including but not limited to Swift CSP, SOC1/SOC2, ISO/IEC 27001, PCI DSS, NSYDFS, FFIEC, FINRA, CBEST, GDPR
- SaaS services (O365, SalesForce.com)
- Atlassian Products (Confluence, JIRA Software, JIRA Core)
- Splunk, ML Toolkit, UBA
- Service Now
- Public Cloud (Azure, GCP, AWS)
- Digital Assets
- Fortune World's Most Admired Companies & Top 20 for Diversity and Inclusion
- Bloomberg's Gender Equality Index (GEI)
- Human Rights Campaign Foundation, 100% score Corporate Equality Index
- Best Places to Work for Disability Inclusion , Disability: IN - 100% score
- 100 Best Workplaces for Innovators, Fast Company
- CDP's Climate Change 'A List'
BNY Mellon offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves that can support you and your family through moments that matter. BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.
Employer Description:
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.