The role forms part of the Technology Risk Management organisation at the Bank of New York Mellon. TRM is divided into functional teams globally. The department’s remit includes:
- Technology Assurance & Advisory
- Technology Project Risk Oversight and Mergers and Acquisition / Due Diligence
- Vendor Technology Risk
- Technology Governance and Control
- Technology Risk Intelligence
- Privacy & Data Protection
This role forms part of the Technology Risk Management Assurance & Advisory EMEA team which is responsible for management of risk facing the EMEA region.
As a Technology Risk Specialist your role will be to take the lead in the identification, analysis, mitigation and reporting of technology and information risks in EMEA. Your focus will be to ensure TRM continues to provide a credible challenge to all those managing technology risk at BNY Mellon and that we continue to add value.
TRM provides a Second Line of Defence service by providing oversight and challenge of first line’s identification, assessment and management of risk. This oversight and challenge is implemented across several key services, which include;
- Application Assessments
- Advisory Assessments
- Policy Exceptions
- Service Delivery Management Assurance
TRM-AA supports a yearly plan for Applications (based on their ranking within the Application Priority List) and Advisory assessments owned by the Head of Governance & Strategy. Applications are assessed against a key set of technology controls. Advisory focuses on a particular subject from a line 2 perspective e.g. Remote Access. The role requires interaction with business and technology teams to identify security issues and agree corresponding actions to mitigate, remediate or accept risks.
Policy Exceptions can be identified as a result of assessments or be self-identified as part of a BNYM project. TRM-AA manages exceptions to policy from start to finish by performing an assessment, identifying remediation/mitigation/acceptance of risk and liaising with key stakeholders for approvals.
Service Delivery Management requires oversight and challenge of line 1 technology incidents to assess whether the root cause was identified, potential for recurrence reduced and capacity management is effective.
The Technology Risk Specialist role requires a high standard of communication and collaboration. A high standard of global acumen/stakeholder management and being able to operate well in a virtual team are a critical set of skills for the Technology Risk Specialist to be effective at moving the needle in relation to risk reduction.
Responsibilities: (Key parts to the job role)
- Be a team player delivering TRM services in EMEA, and supporting activities undertaken by the Head of Assurance & Advisory (EMEA) and the Head of Assurance & Advisory (UK & Ireland).
- Supporting key services and other major initiatives that relate to technology and/or information risk and technology regulatory compliance.
- Supporting the global team in their common objectives to be successful; success of the individual is the success of the team.
Requirements; (what we are looking for)
This is a great opportunity for someone with a background in risk management who is looking for experience from a Line 2 perspective within information/cyber risk. You will be able to build upon your understanding of information risk management and contribute to the shape of Line 2 as it evolves.
- Bachelor’s Degree or equivalent working experience in risk management, audit, information security, technology and/or marketing and communications or related discipline.
- A professional qualification, relevant to Information Security (such as MSc, CISSP or CISM);
- Strong experience in a Technology Risk, Information Security or an IT Audit role;
- A thorough understanding of Risk Assessment approaches and methodologies
- A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs, etc
- Experience of formal document creation, such as the creation of presentations, reports or procedures
- Experience of carrying out risk reviews, technology audits or other similar work;
- Thorough understanding of the ISO 2700X series of standards and guidelines.
- Strong MS Office skills (core applications - especially Excel).
- Delivery is key and so project Management qualification or practical skills and knowledge of managing and delivering projects, often to tight deadlines.
- Understanding and previous experience of using multiple communications channels to provide information to an internal and external audience.
- General business acumen and commercial awareness, with good global knowledge.
- Knowledge or practical experience of one or more of the following products:
- Archer Technologies SmartSuite Framework.
Experience and Attributes
- Previous experience in identifying, assessing, mitigating and reporting risk, especially technology risk or information risk.
- Excellent organisation and coordination skills.
- Ability to work on own initiative, outlining and developing plans to achieve the overall goals set by management.
- A strong sense of proportionality, reasonableness and cost with respect to risk response.
- Ability to understand and empathise with a diverse range of audiences and stakeholders (Excellent stakeholder management skills), to provide the right services in the right manner.
- Ability to assist on technology risk and control environment initiatives and associated tools and processes.
- Ability to facilitate requirements gathering and be able to communicate risk mitigation strategies, and track remediation.
- Excellent communication skills, both written and verbal, with a pragmatic approach to execution and delivery, and an eye for design and detail.
- Keen willingness to learn new skills and risk qualifications, including CISA, CISM, CISSP, CRISC.
- A keen eye for an opportunity to improve existing process and take the initiative to promote such an enhancement.
- Must be rigorous and thorough – especially when logging and tracking issues through to conclusion
- Candidate must be able to manage their own workload and run several tasks concurrently so as to meet the realistic targets and priorities set in conjunction with management. This is especially important because we work in an environment where priorities can change quickly and with little prior warning. Demonstrate a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
- Demonstrates a calm professional approach, with a good understanding of time constraints and the need to escalate/inform departmental management as appropriate.
- Adapts personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
- BNY Mellon often goes through periods of change and it is therefore critical that this person adapts to changes in the organisation and job responsibilities and displays a positive attitude.
- Documentation must be professional, well-structured and presented and require the minimum management review and revision. This is especially important.
- Good at listening and analysing a situation or the information provided.
BNY Mellon is an Equal Employment Opportunity Employer. Primary Location:
- Experience of working in a technology or financial services organisation.
- Personal drive, commitment and great influencing skills, with the ability to manage and coordinate functional forums formed within the department, to deliver risk management programmes worldwide.
Information Risk Management-HR06032Requisition Number: