Specialist, Information Security

Overview

Bring your ideas. Make history.
BNY Mellon offers an exciting array of future-forward careers at the intersection of business, finance, and technology. We are one of the world's top asset management and banking firms that manages trillions of dollars in assets, custody and/or administration. Known as the "bank of banks" - 97% of the world's top banks work with us as we lead and serve our customers into the new era of digital.

With over 238 years of rich history and industry firsts, BNY Mellon has been built upon our proven ability to evolve, lead, and drive new ideas at every turn. Today, we're approximately 50,000 employees across 35 countries with a culture that empowers you to grow, take risks, experiment and be yourself. This is what #LifeAtBNYMellon is all about.

• This is a team lead position which provides our primary leadership in ISO27001 daily operations. The leadership position leads the offshore Internal Control Review (ICR) team. Contributes to the effectiveness of security-related operations. Provides programming support and assists in project planning for an operational area in information security. Assists in daily oversight of a security sub-component.
• Initiates projects intended to improve operations, client satisfaction with operational support, and development of appropriate standards and procedures for assigned operational area. Participates in evaluation, testing and implementation of emerging control technologies, information systems security issues, safeguards, and techniques applicable to assigned operations area.
• Presents proposed security enhancements to management for approval, funding, and implementation. Reviews and analyzes data and information to provide insights, conclusions, and actionable recommendations, Produces reports, analyses, findings, etc. Screens and selects tools to automate security administration.
• Schedules and evaluates vendor security software through testing and discussions with external business users. Contributes to the achievement of related teams' objectives.
• Lifecycle prioritization of the applications/horizontals
• Support of issues management oversight (i.e., SNOW interface), Risk assessment questionnaire upliftment to ensure bank policies and standard coverage and performing and supporting to annual OCC/FFIEC CAT Assessments. May allocate/coordinate work within a team/project.
• External auditor engagement and external audit related activities. Support of executive summary reporting, gearing ratios, internal requests. Maintains the effectiveness of enterprise-wide information security strategy including related programs, processes, and initiatives.
• Assists in the development, implementation and enforcement of corporate-wide security policies, procedures, and standards. Vendor reviews, periodic interface, and escalations.
• Assists in consulting with the business and operational infrastructure personnel regarding new and existing technologies and appropriate security architectures, practices, and procedures.
• Reviews and analyzes more complex data and information to provide insights, conclusions and actionable recommendations produces advanced reports, analyses, findings, etc.
• Works closely with IT infrastructure and software engineering applications development to ensure integrity of security procedures, systems, and policies.
• Works with developers to ensure proper completion of all risk assessments within policy and procedures
• General ISO 27001 operations (e.g., preparedness reviews, risk assessment RA SLA tracking, escalations, etc.).
• Overseeing contractor risk assessment and other ISO 27001 related operations, review their work, and provide guidance.

• Bachelor's degree in computer science or a related discipline
• 6-8 years of experience in information security or related technology experience required
• ISO 27001 LA Certified or CISA Certified Preferred.
• Experience in the securities or financial services industry is a plus.