Senior Principal, Information Security

Overview

Principal, Security Architect (Enterprise Security Controls)

Bring your ideas. Make history.
BNY Mellon offers an exciting array of future-forward careers at the intersection of business, finance, and technology. We are one of the world's top asset management and banking firms that manages trillions of dollars in assets, custody and/or administration. Known as the -bank of banks- - 97% of the world-s top banks work with us as we lead and serve our customers into the new era of digital.

With over 238 years of rich history and industry firsts, BNY Mellon has been built upon our proven ability to evolve, lead, and drive new ideas at every turn. Today, we-re approximately 50,000 employees across 35 countries with a culture that empowers you to grow, take risks, experiment and be yourself. This is what #LifeAtBNYMellon is all about.

We-re seeking a future team member in the role of Principal, Security Architect (Enterprise Security Controls) to join our Information Security Division

In this role, you-ll make an impact in the following ways:

As a Principal, Security Architect - you will support the design and implementation of enterprise security controls for applications that are deploying changes to production, while leading initiatives in support of delivery toll gate processes, metrics, and automation.

Key Responsibilities:

• Participate in delivery program toll gate processes such as Permit to Design (PTD), Permit to Build (PTB) and Permit to Operate (PTO).
• Perform security assessments and control verification for applications requesting permission to deploy Production changes.
• Lead the adoption and integration efforts for new controls into the PTO workflow and approval process. Coordinate integration initiatives.
• Identify appropriate artifacts and evidence that demonstrates compliance with security requirements and ensures control satisfaction.
• Work closely with application teams (-our customers-) across numerous lines of business to effectively guide them through security requirements.
• Assist in ensuring application compliance with bank and regulatory standards.
• Evaluate Architecture Design requirements against the applicable security control requirements and identify gaps and remediation options. Document findings.
• Develop metrics to measure progress and effectiveness across the security control landscape.
• Establish strong working relationships and effective communications across various organizational groups, inside and outside of security. Coordinate meetings with engineering and application teams.
• Research information and train within the Security Architecture and Control Assessment disciplines.
• Supervise the work of Security Architects and Security Analysts.

Qualifications:

• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
• Minimum 12 years of work experience in cyber security
• Working knowledge of IT control frameworks such as ITIL, NIST 800-53, ISO 27000
• Ability to clearly document security requirements.
• Working knowledge of cyber security, security architecture principles, and Information Technology.
• Assist with all phases of technology enhancements: identify, assess, evaluate, design, build, implement, integrate, automate, and operationalize.
• Understanding of public cloud technologies (Google Cloud Platform, Amazon Web Services or Azure), shared responsibility model for cloud, and experience implementing or assessing cloud security controls.
• Ability to organize many types of documents and meetings on a daily basis, identify and breakdown complex problems and review related information to develop and evaluate options and implement solutions; effectively communicating all phases to vastly different audiences
• Manage own time and coordinate the time of others.
• Ability to listen, understand, and collect information presented through presentations or verbal meetings.
• Certification in one or more of the following is a plus: CISSP, CISA, CISM, CCSK, CCSP, Google Cloud Platform Security Engineer, Azure Security Engineer, or similar.
• Experience in global Financial Services security is preferred

At BNY Mellon, our inclusive culture speaks for itself. Here-s a few of our awards:

• Fortune World-s Most Admired Companies & Top 20 for Diversity and Inclusion
• Bloomberg-s Gender Equality Index (GEI)
• Best Places to Work for Disability Inclusion , Disability: IN - 100% score
• 100 Best Workplaces for Innovators, Fast Company
• Human Rights Campaign Foundation, 100% score Corporate Equality Index
• CDP-s Climate Change -A List-

Employer Description:

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.

EEO Statement:

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.