Sr Spec, Tech Risk Mgmt ( VP Technology Risk )

Bank of New York Mellon   •  

New York, NY

Not Specified years

Posted 213 days ago

Job Description

The Information Risk Lead Technical Specialist supports the Information Risk Managers driving the strategic information risk program within TRM and business areas supported, while providing advice and guidance to the Information Risk Analysts. S/he will assist and support Senior Information Risk Managers with the development of strategic program elements and provide input to the TRM risk prioritization. Sh/e will interface with regulators serving as a point of contact for regulatory requests/inquiries.

Drives the strategic technologyrisk program within a business area, multiple business areas and/or across regions while advising on and guiding technologyrisk management tasks completed by senior business managers and professional technologyrisk staff. Drives the interpretation and enforcement of technologyrisk policies pertaining to the assigned area, areas or regions. Contributes to the development of the organizational technologyrisk management framework and strategy, and collaborates with other subject matter experts to determine appropriate methods, policies and procedures for enforcing adherence to the framework - as appropriate for each business area or region - and determining impacts from changes to the framework. Is extensively familiar and adept at influencing the assigned business area, multiple business areas and/or regions to drive the enforcement of technologyrisk policies, standards and regulatory requirements. Applies broad, deep understanding of control and risk management concepts, security systems and applications in order to interpret the technologyrisk needs of the assigned business area, areas or regions and communicates relevant information, risk management policies, procedures and guidelines. Directs the business area, areas or regions' technologyrisk and control environment initiatives. Applies understanding of and extensive experience with area or regional laws and regulations to the management of existing and anticipated technologyrisks.

Independently facilitates application risk analyses and comprehensive risk assessments. Assigns project tasks to more junior professionals. Assesses and determines the business area, areas or region's need for additional training and support on technologyrisk management. Interprets and uses advanced data and reporting from numerous sources to deliver presentations to business unit and/or business partner area leaders and management. Performs the highest complexity analyses and identifies trends using an advanced understanding of technologyrisk metrics (KRIs, KPIs). Directly contributes to the establishment of business unit and/or business partner area KPIs that ensure compliance with legal and regulatory requirements. Drives efforts to promote a highly effective technologyrisk culture and to enforce and communicate technologyrisk policies, procedures and guidelines. Advises the business management and technologyrisk managers on appropriate use of technologyrisk support tools to develop technologyrisk policy content. Uses industry knowledge to influence the choice of tools used by the organization. Executes remediation of highly complex technologyrisk issues for the assigned business area, areas or regions and assigns tracking tasks to more junior professionals. Enforces adherence to existing controls and compliance with laws and regulations and may assess opportunities for control methodology revisions. Serves as the primary point of contact for technologyrisk matters for the assigned business area, areas or regions and provides an expert level of written and verbal support to stakeholders. Applies influence to ensure the availability of technologyrisk input requirements, to build consensus on risk mitigation and remediation strategies among global and regional stakeholder groups and to ensure they are prepared for the business impacts from changes to technologyrisk policies and standards. Reviews the architecture, design and implementation of networksecurityarchitecture and relevant security controls for the business area, business areas or regions and decides on the need for adjustments and improvements. Directs information security improvement projects and/or reviews and approves or rejects submissions from IT groups for future projects. Facilitates reviews following the completion of projects to identify resulting security breaks and complete remediation. No direct reports; provides guidance to more junior team members and assigns tasks, as needed. Contributes to the achievement of team objectives. Modified based upon local regulations/requirements.  


Bachelor s degree or the equivalent combination of education and experience is required. 7-10 years of total work experiencepreferred. Experience in Technology, Information Security and/or technologyriskpreferred. Knowledge of security systems and applications preferred. At least one security clearance preferred.

Requisition Number: 1802866