Grp Mgr,Information Security
Group Manager, Information Security EMEA Information Security Division (ISD)
For over 230 years, the people of BNY Mellon (BNYM) have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNYM can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNYM remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNYM across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart.
Make your mark: www.bnymellon.com/careers
BNYM Technology provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. BNYM Technology provides employees with the tools and resources to enhance their professional qualifications and careers. Our competence lies in bringing together the finest talent in the market and seamlessly integrating technology, strategy and innovative methodologies to craft customized solutions for our clients.
As part of BNYM Technology, Information Security Division (ISD) is tasked with safeguarding the Bank and ensuring that we operate safely and securely, protecting our business, our clients, and our colleagues from the potential impacts of information security threats.
Role Overview:
ISD EMEA is seeking an established information security professional that is ready to step up to a leadership role in a complex, challenging and rewarding environment. We are recruiting for a Group Manager, Information Security for the EMEA region to work closely with, and deputise for, the existing Head of Information Security EMEA in their role as the Global CISO's regional representative. This is an excellent opportunity to establish a new role, build important relationships across the region, and drive the information security agenda.
The successful role holder will:
• Have primary responsibility for supporting the Head of Information Security EMEA in representing, and providing regional support for, ISD's services and contribute to the achievement of overall ISD objectives in the region;
• Assist the Head of Information Security EMEA with the matrix management of approximately twenty (20) colleagues across the region;
• Prepare information security reports and briefings for, and present as and when necessary, to a range of stakeholders across the region including but not limited to: Technology Risk and Governance Fora, Business Risk Committees, Executive Committees and Boards;
• Drive continuous improvements in the quality and value of the information security reporting and communications in the region;
• Partner with Risk Management, Legal, Compliance and Regulatory Affairs teams to understand and communicate any new/emerging regulations that may impact regional or global information security programme delivery as well as strategy, processes and procedures;
• Work closely with our technology and information risk management communities in the region;
• Support the implementation of any necessary regional information security policies and standards and provide feedback on global policies and standards which may conflict with regional regulations;
• Act as an alternate point of contact for regional business lines, partners and regulators for the Global Information Security Programme;
• Develop an understanding of the business direction and priorities, opportunities and challenges to prioritise regional, and as necessary global, information security focus;
• Work with regional business representatives to ensure that existing and new business processes are compliant with information security policies and standards, constructively challenging existing processes where necessary;
• Support the Head of Information Security EMEA in representing ISD across the region and acting as an alternate point of contact for all information security matters relevant to the regional legal entity structure;
• Lead the execution and delivery of any regional ISD projects;
• Work closely with global ISD and Technology teams to ensure that the regional threat landscape is properly assessed and communicated, that regional interests are secured against the prevailing information threats, and that the regional security posture meets or exceeds accepted industry standards and expected best practice;
• In consultation with the Head of Information Security EMEA and EMEA CIO, assist in the development, management and maintenance of an effective regional information security governance framework;
• Provide a regional point of contact to the Information Security Incident Response process and participate in incident and investigation resolution as necessary;
• Perform other duties as required from time to time by the Head of Information Security EMEA, the Global CISO or the EMEA CIO.
Qualifications
Skills Required for this Role:
The successful candidate is likely to come from a technology, security specialist or engineering background but will also possess the highly-developed communications and influencing skills necessary to simplify potentially complex issues and gain commitment and buy-in from business stakeholders.
• Experience of information security including but not limited to: security operations, threat intelligence, incident response, security monitoring, information risk and compliance;
• Demonstrable ability to develop relationships with senior stakeholders, both business and technology, across complex business and legal entity structures;
• Excellent understanding of information security (both technical and business-focused);
• Solid understanding of the regulatory environment in which the regional businesses operate;
• Good knowledge of, and demonstrable experience working with, IT security controls, information security regulations, and risk management;
• Hands-on knowledge of industry standard frameworks (ISO 2700x, NIST CSF), best practices (OWASP, CSA, etc.), and regulations (MIFID2, PSD2, GDPR, etc.);
• Remain informed on trends and issues in the Information Security space, including current and emerging technologies;
• Ability to interpret and present complex information security information to a range of audiences, both technical and non-technical and at all levels of the organisation.
Qualifications Required for this Role:
• An under-graduate (e.g. BSc) degree in computer science or a related discipline, or equivalent work experience is required; a graduate degree (e.g. MSc) is preferred;
• At least five (5) to seven (7) years of working in an Information or IT Security department, or equivalent technology experience, is required;
• A background in Financial Services, or another highly regulated sector, is highly desirable;
• One or more recognised (and current) professional information security certifications would be beneficial, such as CISM, CISSP, CRISC, or CISA.
BNY Mellon is an Equal Employment Opportunity Employer.
Primary Location: United Kingdom-Greater London-London
Job: Information Technology
Internal Jobcode: Information Security-HR11724
Requisition Number: