Senior Group Manager, Information Security - Vulnerability Management Global Lead
As a global investmentscompany, BNY Mellon can act as a single point of contact for clientslooking to create, trade, hold, manage, service, distribute or restructureinvestments, and safeguarding nearly one-fifth of the world's financial assets.Every day, our Technology employees make this happen while also seeking out newways to do it more efficiently and effectively.
As partof BNY Mellon's global Technology organization, you will have the opportunityto engage with some of the best and brightest technology/business/financialminds to find new and better ways to exceed our clients' expectations and buildthe future of financial services. With more than 230 years of industry leadingexperience under our belts, you might even say that we are the originalfintech.
AtBNY Mellon, Cyber Security
is a top priority for both technologyand the business. The members of the Information Security Division
areon constant alert using their creativity and knowledge of cyber security,technology and business processes to develop and deliver creative solutions. Inthis fast-paced environment, our teams collaborate to respond to current riskswhile identifying and anticipating future threats. Our cyber capabilitiesencompass the full spectrum of services from Cyber Operations (SOC, CyberThreat Intelligence, Vulnerability Management, Cyber Incident Response,Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insiderthreat) to Cyber Architecture and Engineering (Network, Platform, Cloud, andApplications Security).
Weprovide a robust set of cyber services that provide full scope protection andresponse capabilities across the BNY Mellon enterprise. We help ourbusinesses, the bank's executive team, and our board of directors understandcyber security risk and the steps to take to create and maintain a secureenvironment that drives innovation. TheRole
Aspart of our Information Security Division leadership team, we are looking forour Vulnerability Management Global Lead
.You will be responsible foridentifying, prioritizing and tracking of vulnerabilities. You will drive vulnerabilitymanagement including the maintenance, upgrading, and strategy of acomprehensive enterprise vulnerability management program.
Youwill be the Information Security Senior Resource to interact with all areas of ourTechnology teams; and would continue to develop a set of mature securitystandards and best practices for identifying, prioritizing, and driving remediationof known vulnerabilities. You will be skilled at empowering our organization tounderstand risk, develop effective strategies and effectively safeguard ourbrands.
Inthis leadership role, you will focus on developing, designing and implementingvulnerability management technologies and process within a large internationalbanking brand. As a Senior Leader, you will manage, oversee, and direct a teamof highly technical security specialists that proactively probe our infrastructureand network for vulnerabilities and security threats. These security assessmentactivities are guided by the latest threats and evolving cyber security risks
Youwill have a wide breadth of knowledge across security products, tools, andindustry trends along with the ability to create solutions using a pragmatic,risk-based approach KeyResponsibilities:
- Assesses security threats and vulnerabilitiesusing structured methodologies such as NIST working across the InformationTechnology organization to design and implement vulnerability managementprocesses that drive down existing vulnerabilities.
- Working across the Information Technologyorganization to design and implement best practices for proactively ensuringnew products and services are rolled out in a vulnerability free manner.
- Through enterprise wide analytics and on-goingcollaboration, provide the Information Security Division the ability to combinethe threat intelligence, research, best practices, and leadership to performfact based risk and decision analysis when addressing general and specificsecurity threats.
- Provide thought leadership on emerging threats,working closely with the Technology teams to implement short-gap remediationactivities and compensating controls to reduce risk while identifiedvulnerabilities are being addressed
- Define resource, training, and technologyrequirements to ensure the success of the team's mission.
- Maintain and evolve a mature set ofvulnerability management processes covering all areas of technology.
- Consolidate application and infrastructurevulnerabilities into one risk focused view to help guide senior management riskand remediation decisions.
- Develop, build and implement a mature and robustset of metrics and reports
- Responsible for operation of vulnerabilityassessment tools, scanning, researching and analyzing vulnerabilities,identifying relevant threats, corrective action recommendations, summarizingand reporting results.
- Analyze security events and engage with theTechnology teams and Business units to resolve identified vulnerabilitieswithin SLAs.
- Identify and resolve any false positive findingsin assessment results.
- Partner with Security Governance to ensureappropriate visibility
- Oversee Remediation Activities such as managementof tracking and remediation of vulnerabilities by leveraging agreed upon actionplans and timelines with vendors and support teams.
- Validate remediation by reviewing vulnerabilityresults and providing status updates
- Recommend appropriate policy, standards, processand procedural updates as part of comprehensive remediation solutions.
- Oversee the development and execution of EthicalHack and penetration testing plans, reporting and tracking of findings
- Partner closely with the Governance, Risk andCompliance teams
- Collaborate with other senior leaders in ISDorganization to ensure security standards and needs are being assessed for newand existing initiatives.
- Build and Manage Roadmap and Strategy for theVulnerability Management team.
Sr.Group Manager, Information Security->> Manages multiple teams responsible for organization data protection. Oversees and develops policies regarding CTS security architecture, security monitoring and auditing, incident reporting/response and forensics. Leads and oversees broad information security projects and resourcing. Liaises with business process owners to ensure ongoing alignment. Participates in the planning and implementation of security for complex CTS projects. Evaluates security applications and systems. Presents recommendations on whether to use systems to senior management. Demonstrates advanced ability to conduct cost-benefit analysis to justify investment in security and/or COB controls to mitigate risks. Presents advanced analyses to senior management with recommendations aligning customer/business needs and capabilities. Evaluates new and emerging products and technologies, recommending which technologies to implement, develops functional specifications and documentation. Monitors budgets and schedules for projects conducted by teams and ensures they are completed in a timely manner. Recruits, directs, motivates and develops staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team. Manages multiple information security teams. Contributes to the achievement of multiple teams' objectives. Qualifications
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
- 12+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
- Experience in Information Technology with afocus on Vulnerability Management positions including Vulnerability scanning,VM metrics, risk assessment and reporting, ethical hack and pen testing.
- Solid understanding of Operating system securityconcepts
- Understanding of malware, emerging threats,attacks, and vulnerability management
- Strong deductive reasoning, critical thinking,problem solving, and prioritization skills
- Ability to work in a fast-paced team environment
- Ability to develop detailed process andprocedure documentation
- Knowledge of common information securitymanagement frameworks, including but not limited to: ISO 27001/27002, ITIL,COBIT and NIST with a demonstrated ability to engage with technical andbusiness professionals
- Ability to present complex solutions and methodsto both technical and non-technical stakeholders
- Excellent written and verbal communication andorganizational skills
- Strong team player who collaborates well withothers to solve problems
- Working knowledge of hardware /softwarearchitecture and domains in IT operations with a focus on governance, risk andcompliance
- Knowledge of products which discover and providerisk assessment scanning tools, risk analytics, etc.
- Exceptional interpersonal, team building,mentoring, and leadership skills with a demonstrated ability to gain the confidenceand respect of senior level executives
- Fluency in LANs, WAN, VPNs, Routers, firewalls,and IDS/IPS systems
- Strongly detail oriented and results focused
- Must be authorized to work in the United States
Minorities/Females/Individuals With Disabilities/Protected Veterans. Primary Location:
United States-New York-New York Internal Jobcode:
Information Technology Organization:
Information Security-HR11724 Requisition Number: