Information Risk - The Investment Management Senior Information Risk Officer works with Investment Management senior and line of business management roles to develop controls related to information risk management and cybersecurity and ensure their effectiveness. Assigned business/business partner areas are large and highly complex. Incumbents demonstrate extensive knowledge of information risk and cybersecurity management best practices and a specialized understanding of the assigned business/business partner areas' control and risk management environment. Has a conceptual understanding of the specific risks that exist within the assigned business/business partner area and how these risks may be addressed. Recognized throughout the organization as the information risk point of contact for a particular business/business partner area and business risk appetite. Assists senior management and may lead the execution and delivery of business information risk management initiatives specific to the business/business partner area. In partnership with management, establishes the risk strategy for the business/business partner area and is accountable for ensuring the implementation of that strategy.
Leverages complex risk control techniques to achieve business objectives. Develops and sustains a risk-aware culture and mindset among employees, contractors and service providers. Addresses risk-awareness issues with contractors, temps and more junior team members to ensure they reach an appropriate level of awareness of security issues and their responsibilities. May identify and advise management on existing and potential risk-awareness deficiencies. May be assigned privacy program initiatives. Leads the execution and delivery of business information risk management initiatives specific to a business/business partner area. Develops and leads the implementation of strategies to reduce the likelihood of reputational and regulatory impacts due to non-compliance with the Bank's information risk management policies and standards, including local procedures specific to the business/business partner area. Uses existing strategic relationships to influence at all levels of the organization. Leads negotiations/interactions with other business units, operations and technology, legal and compliance staff. Collaborates with other stakeholders and develops and influences their decisions.
Leads work resulting from these decisions. Partners directly with business continuity coordinators to develop disaster test scenarios and methods for managing the resulting hypothetical issues. No direct reports. Oversees, advises and guides less experienced Information Risk roles and may direct their work. Responsibilities are primarily specialized to address the information risk management, cybersecurity and possibly privacy/data protection needs of a particular business/business partner area and business risk appetite. However, tasks often produce cross-regional impacts.
Qualifications - External
Bachelor's Degree or the equivalent combination of education and experience is required.
7-10 years of experience in information risk preferred.
Experience in financial services is preferred. Certified Information Security Management (CISM) or Certified Information Systems Auditor (CISA) or CISSP (Certified Information Systems Security Professional) security certification preferred.
Experience with privacy / data protection and/or access management a plus.
Demonstrated problem solving, critical thinking and analytical ability; experience with privacy/security investigations preferred.
Good decision-making skills, moral/ethical standards, teamwork/collaboration, multi-tasking, detail orientation, and exceptional organization skills.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans.
Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.