Group Manager, Information Security->> Manages a medium to large-sized or multiple small teams responsible for organization data protection. Oversees CTS security architecture, security monitoring and auditing, incident reporting/response and forensics. Leads and oversees information security projects and resourcing. Liaises with business process owners to ensure ongoing alignment.
Responsible for the development and delivery of CTS security and/or COB standards to ensure information system security across the business. Directs the monitoring of the utilization and effectiveness of security resources. Develops and implements processes and methods for auditing and addressing non-compliance and information security and/or COB standards. Provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.
Monitors budgets and schedules for projects conducted by teams and ensures they are completed in a timely manner. Recruits, directs, motivates and develops staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team. Manages one or more information security teams.
Contributes to the achievement of team objectives.
Position Overview: As a manager in Insider Risk you will be responsible for outward communication to the firm in the form of training & awareness, policy enhancements and risk assessments. For training & awareness, this role will develop insider risk content and work with key stakeholders in Human Resources to deliver training using existing channels. Responsibilities also include identifying awareness opportunities to incorporate targeted insider risk knowledge into new or existing channels on a more frequent basis. You will be responsible for reviewing new and existing policies for alignment to insider risk controls and working with relevant owners to incorporate changes as required. This role also includes expanding insider risk assessments into other areas of the business and internationally.
This is a challenging and rewarding position that provides an opportunity to communicate insider risks to the firm and integrate a control mindset into the culture. While insider risk background is preferred, this role will be supported by insider risk SMEs. For all three components of this role, strong relationship building and collaboration along with assessments, training and policy experience is required to be successful.
* Recommend and implement innovative solutions, modifications and enhancements to existing security training and awareness programs and forums to educate on insider risk.
* Develop comprehensive training content for stakeholders, employees and contractors on insider risk behaviors using electronic/web-based, and/or multimedia training methods and formats.
* Evaluate vendor offerings, provide training requirements to vendors, and oversee vendor content development.
* Partner with key stakeholders across the firm to productionize, distribute and track training.
* Create an awareness strategy for delivering periodic targeted insider risk material to the firm, using multiple different formats and distribution channels to reach the widest audience to keep the message relevant to growing risks.
* Evaluate effectiveness of training and awareness programs, utilizing appropriate data collection instruments and procedures and adjust as necessary to maximize impact.
* Lead a team of independent insider risk experts to assess the capability/maturity of people, process and technology controls to support Insider threat mitigation in expanded areas of BNY Mellon in both the US and internationally.
* Partner with other cyber assessment teams to perform an integrated assessment for key stakeholders.
* Identify relevant policies and review the appropriateness of insider risk controls. Work with key stakeholders to recommend policy changes as needed.
* Become incorporated into the ISD policy creation workflow to provide feedback on insider risk controls in new policies.
* Provide management briefings on progress across training & awareness, policy enhancements and risk assessments, including status reporting via metrics.
* Information security or risk management experience required, insider risk experience a plus.
* Experience in performing control assessments, policy/standards and training & awareness.
* Demonstrated ability to work with technical subject matter experts and translate that information seamlessly to non-technical employees and stakeholders
* Ability to prioritize and balance multiple projects simultaneously
* Excellent communication skills and the ability effectively collaborate with technical and senior business staff and management.
* Outstanding interpersonal skills and the ability to thrive in a team environment.
* Willingness to travel globally as needed for assessments.
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred. 10+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New York-New York
Internal Jobcode: 45287
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1903398
Associated topics: chief program officer, cpo, manage, manager, management, monitor, product manager, project manager, relationship manager, task