Principal, IT Risk Analyst - Third Party Governance
What You'll Be Doing:
Clearing, Markets & Issuer Services Technology (CMIST) is responsible for application development and support for critical business systems including Repo Edge (collateral management), Enterprise Payment Hub (multi-currency payment processing), and Broker Dealer Clearance (securities clearing), along with approximately 350 other applications used by the following high-priority business services and their clients.
The CMIST Centers of Excellence govern best practices across the organization. Supporting functions include financial planning, portfolio / program / project management, technology risk management, as well as communications and employee engagement. The teams also provide strategic guidance for enterprise technology programs for application resiliency and infrastructure modernization. In addition, the COEs are responsible for production application administration and incident management, as well as mainframe development and quality engineering standards.
As a member of the Clearing, Markets and Issuer Services Technology (CMIST) Risk & Compliance Team, this role is responsible for setting the strategy for identifying, analyzing, monitoring, reporting, and minimizing information technology risks within their assigned portfolio. As a senior member of the CMIS Technology Risk team, this role will be responsible for defining, documenting and communicating standardized and proactive processes for technology risk identification, treatment, monitoring and reporting. Supports the assigned line of business in gathering information and preparing for all tech risk related reporting and meetings, i.e. internal and external audit, regulatory interaction, as well as the Key Risk Review and related meetings. Collaborates with the assigned Application managers to ensure tracking and timely remediation of risks is occurring. Supports the Risk and Control Self-Assessment (RCSA) and High Level Assessment (HLA) processes for the assigned portfolio within CMIST. Coordinates the issue and exception/acceptance processes, including self-reported issues. Provides consultative guidance on the prioritization of remediation efforts and supports new initiatives by implementing a "baked-in" automated control measurement and monitoring.
This position will be responsible for the tracking, managing and monitoring of CMIST Technology related vendors and engagements. This position will also follow up to ensure that all enterprise related third party governance requirements are met. This includes reviewing third party standards, controls, requirements and ensuring that there are adequate technology controls to align to BNY Mellon Technology Controls. Manages the activities of a large-sized team or multiple market data services teams supporting integrated market data solutions. Identifies and evaluates market data vendors and monitors new developments in the market data industry. Ensures that the acquisition, use and distribution of third party content is appropriately leveraged, in compliance with all contractual terms and conditions, and that it further expands the products and profitability of the business. Leads the contract negotiation process by working with business, finance and legal teams. Responsible for securing contracts that leverage a global scale and presence. Participates in vendor selection, approvals and post-execution management of rights and obligations. Formulates and supports the execution of strategies to drive effectiveness of market data services teams. Ensures costs are kept to the minimum and revenues are maximized by continuously and proactively seeking savings and favorable revenue shares from agreements.
Principal IT Risk Analyst - Third Party Governance:
Identifies, analyzes, monitors and minimizes the most complex areas of risk that pertain to information technology vendors. Leads coordination with third-party governance and line of business technology teams. Provides high value input into risk reports on highly complex issues. Leads high-impact and complex projects that involve working with the businesses to improve controls that would mitigate any deficiencies. Ensures controls meet regulatory and organization standards. Develops and improves risk systems, methodologies and limits. Recommends and leads any resulting change needed to mitigate risk. Contributes to the achievement of area objectives.
Qualifications
Who We're Looking For:
- Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
- 10-12 years of related experience required
- Experience in the securities or financial services industry is a plus
- ISACA certifications preferred
- Experience in technology third-party relationship management strongly preferred
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
Primary Location: United States-Pennsylvania-Pittsburgh
Internal Jobcode:
Information Technology
Organization: Clearing Markets ISS Svcs Tech-HR16624
Requisition Number: