Sr. Specialist, IT Risk Analyst
What You'll Be Doing:
Clearing, Markets & Issuer Services Technology (CMIST) is responsible for application development and support for more than 350 critical business systems including Repo Edge (collateral management), Enterprise Payment Hub (multi-currency payment processing), and Broker Dealer Clearance (securities clearing).
The CMIST Centers of Excellence govern best practices across the organization. Supporting functions include financial planning, portfolio/program/project management, and technology risk management, as well as communications and employee engagement. The teams also provide strategic guidance for enterprise technology programs for application resiliency and infrastructure modernization, as well as production application administration and incident management, mainframe development, and quality engineering standards.
IT Risk Analyst, Sr Specialist:
Identifies, analyzes, monitors and minimizes highly complex areas of risk that pertain to information technology. Leads coordination with application, development, disaster recovery and data security teams. Provides high value input into risk reports on complex issues. Presents reports to the business areas and IT risk management. Leads complex projects that involve working with the businesses to improve controls that would mitigate any deficiencies. Ensures controls meet regulatory and organization standards. Develops and improves risk systems, methodologies and limits. Remains aware of market trends to determine potential risks to the organization. Recommends and leads any resulting change needed to mitigate risk. Contributes to the achievement of area objectives.
Responsibilities:
• Assessing the current adequacy of the security strategy, business continuity/disaster recovery plans, threats to systems, and then calculating the impact of potential adverse events.
• Audits and assessments must be continual, as the threat profiles change constantly.
• Ensures management is kept up to date on the results of the risk assessment and makes recommendations for mitigations or projects to protect their systems or cover potential losses.
• Continually improve the quality of risk management through evaluation of communication security, data vulnerability, business continuity and compliance risks.
• Self-identification of risks even before they occur
• Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
• Identify vulnerabilities or weaknesses in systems
• Examine employee compliance with security controls and deficiencies
• Evaluate security policy, processes and procedures for completeness
• Ensure that controls are adequate to protect sensitive information systems
• Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
• Provide mitigation/damage reduction proposals
Qualifications
Who We're Looking For:
• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
• 8-10 years of related experience required
• Experience in the securities or financial services industry is a plus.
• ISACA certifications such as CRISC, CISA, CISSP preferred.
• Experience defining, implementing and monitoring IT risk management programs, including cyber security related risks
• Experience understanding design and operating effectiveness of IT controls and industry related frameworks.
• 7+ years of total experience in IT Risk and/or InfoSec
• Significant knowledge in at least 3 areas of IT general controls, such as: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
• Excellent time management skills
• Drive to execute
• Excellent stakeholder management and communication (verbal and written) skills
• Confidence to respectfully challenge stakeholders
• Ability to adapt quickly to rapid changes
• Ability to summarize complex technology issues
• IT Audit experience
• Project Management experience
• Information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
Primary Location:
United States-New York-New York
Internal Jobcode:
Information Technology
Organization:
Clearing Markets ISS Svcs Tech-HR16624
Requisition Number: