Vice President, Information Security I

Job Description

Cyber Security Third Party Governance Technical Analyst

BNYM is seeking an initiative-taking professional to join its Cyber Security Third Party Governance (CTPG) team. The successful candidate will work in a technically diverse and dynamic environment with a team of Cyber Security professionals responsible for the assessment, analysis and governance of cyber security for third party vendors. The successful candidate will have deep technical and assessment skills to identify vendor cyber vulnerabilities that put BNYM at risk.

The individual works closely with the Cyber TPG Security Leader, Business Sourcing Leads (BSL), enterprise sourcing, technology risk management, engagement managers, business teams and vendors on identified cyber risks in vendor environments. This requires both good oral and written communication skills and the ability to negotiate. Must be able to keep sensitive information confidential and know how to use it appropriately.

Key Roles & Responsibilities of this position include, but are not limited to:

  • Assess the cyber security risk of third party vendors with an appropriate level of detail
  • Travel to vendor locations for on-site assessments
  • Interface with enterprise sourcing, technology risk management, business teams and engagement management on vendor cyber security issues identified
  • Review and challenge vendor evidence for issue closure
  • Assist in the design and implementation of Cyber TPG related processes and tools
  • Define and create relevant metrics, presentations and reports
  • Review the cyber related attestations by third parties such as SOC2 and ISO 27001 and report any observations for further review and tracking
  • Review vendor risk reports created by internal and external entities for impacts to cyber security
  • Keep up to date on the latest trends, methodologies and tools related to third party
  • Interface with industry coalitions working on third party cybersecurity issues

Qualifications

  • Bachelor’s degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred. Industry certifications such as CISSP or CISM a plus
  • 10+ years of experience in cyber security related activities required
  • Firsthand experience in performing control-level technical cyber risk assessments
  • In-depth technical knowledge in 1-2 cyber domains
  • Experience in the securities or financial services industry is a plus
  • Experience in third party governance and related tools is strongly desired but not required
  • Ability to manage multiple projects and priorities
  • Familiarity with various global regulations and industry standards concerning cyber security
  • Strong verbal and written communication skills

Maintains the effectiveness of enterprise-wide information security strategy including related programs, processes and initiatives. May allocate/coordinate work within a team/project. Assists in the development, implementation and enforcement of corporate-wide security policies, procedures and standards. Assists in consulting with the business and operational infrastructure personnel regarding new and existing technologies and appropriate security architectures, practices and procedures. Reviews and analyzes more complex data and information to provide insights, conclusions and actionable recommendations; produces advanced reports, analyses, findings, etc. Works closely with IT infrastructure and software engineering applications development to ensure integrity of security procedures, systems, and policies. Works with developers to ensure proper completion of all risk assessments within policy and procedures. Contributes to the achievement of related teams’ objectives.

Bachelor’s degree in computer science or a related discipline, or equivalent work experience required. 6-8 years of experience in information security or related technology experience required. Experience in the securities or financial services industry is a plus.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals with Disabilities/Protected Veterans. Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
