Overview

Technology Services Group (TSG) keeps BNY Mellon's technology running and defines and executes the firm’s technology strategy, positioning us for tomorrow. From the computers and collaboration tools of our employees to modernized infrastructure platforms and core services, we ensure that the firm’s systems are running optimally while enabling business innovation and productivity. We also oversee BNY Mellon’s architecture and data, guiding the firm through technology changes necessary to execute business strategies.

Data and Analytics Solutions (D&A) is a public- and private-cloud-based software and content offering that builds client-centric data, technology, and content capabilities. Operating with the skill and agility of a fintech. D&A combines the expertise and resources of the Eagle product suite (data management, accounting, and performance) and Intermediary Analytics sales and distribution data. The offering also includes a suite of new cloud-based products and other BNY Mellon technology and data assets. Moreover, the division further extends BNY Mellon’s Asset Servicing capabilities in securities and cash into the world’s most important asset class, data.

Technology Governance, Risk, and Controls Role Overview:
We are seeking a Governance, Risk, and Compliance (GRC) professional that will join an established compliance program within a complex, challenging and rewarding environment.. This is an excellent opportunity to take up an existing role within the team and help to drive the GRC agenda for our various Cloud initiatives and product/service offerings.

Role Description:
    • Drive continuous control improvements in the quality and value of the services we provide to our stakeholders.
    • Work closely with our technology and information risk management communities across the organization.
    • Develop a detailed understanding of the business direction and priorities, opportunities and challenges to inform and prioritize risk management focus.
    • Perform other duties as required from time to time by the Head of Technology Governance and Controls, or the CIO.
    • Consults on a senior level and provides professional support for major components of the company's information security infrastructure.
    • Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments.
    • Consults with the business and operational infrastructure personnel regarding new and existing technologies.
    • Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations.
    • Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles.
    • Addresses high risk security concerns or incidents.
    • Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.

Skills and Experience Required for this Role:

The successful candidate could come from almost any sector, industry or organization that already operates a rigorous GRC capability. They will bring with them a wealth of experience managing risk for business and technology. They will also possess the highly developed communications and influencing skills necessary to simplify potentially complex issues and gain commitment and buy-in from key stakeholders.
    • Experience working in previous GRC roles and ability to demonstrate a comprehensive understanding of GRC topics.
    • Demonstrable ability to develop relationships with senior stakeholders, both business and technology, across complex business and legal entity structures.
    • Ability to interpret and present complex GRC topics to a range of audiences, both technical and non-technical and at all levels of the organization.
    • Hands-on knowledge of industry standard frameworks (e.g. ISO 2700x, NIST CSF, NIST SP800 series, external assessment frameworks (SOC1/SOC2) and privacy regulations (GDPR, etc.);
    • Remain informed on trends and issues in the GRC space, including current and emerging technologies.
    • Self-starter, quick-learner, accustomed to working autonomously and with minimal brief.

Qualifications Required for this Role:
    • Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
    • 2-3 years of experience in information security or related technology experience required
    • Experience in governance, risk and compliance is highly desirable
    • Experience in the securities or financial services industry is a plus
    • At least three (3) to five (5) years of working in risk or control management role, or equivalent experience, is highly preferred 
    • Experience of working in a Software Development organization, a Cloud-native organization and/or the Financial Services sector (or another highly regulated sector), is highly desirable 
    • One or more recognized (and current) professional information security certifications would be beneficial, such as CISM, CISSP, CRISC, or CISA. 

Our offer 
•    Full time contract of employment
•    City Centre locations close to main railway station and flexible working arrangements
•    Flexible benefits package, including life and medical insurance, health screening, fitness discount programme, employee assistance program
•    Award-winning Wellbeing Program supporting you with your unique health and wellbeing needs
•    Pension scheme 
•    On-site childcare and a parental buddy programme
•    Exciting opportunities for career and global mobility
•    Diverse and inclusive environment
•    Employee Referral Program
•    Recognition programmes
•    A multitude of opportunities to get involved in charity projects and Employee Resource Groups (ERGs)

Employer Description:

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.