For over 230 years, Bank of New York Mellon (BNY Mellon) has been at the center of the global financial markets, providing the world's leading institutions the tools, capabilities, and services to be distinctive investors. BNY Mellon has approximately $15 billion in revenues and market capitalization of approximately $50 billion. As one of the nation's leading wealth managers, BNY Mellon Wealth Management is dedicated to helping individuals, families, planned giving programs, endowments, foundations and other institutions with all of their wealth and investment planning needs. By providing integrated products, services and solutions, we help them capitalize on opportunity while managing risk. Backed by more than two centuries of experience, we understand our clients' needs and deliver customized strategies to help them reach their goals. Wealth Management has recently embarked on an end-to-end transformation aimed at delivering best-in-class experience for our clients and advisors by reimagining our platforms, workflows and policies.
At BNY Mellon, cybersecurity is a top priority for both technology and the business. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats.
Together with the firm's Information Security Division, we help the Wealth and Investment Management business understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation.
We are seeking motivated and high energy engineers for a unique opportunity to join a business aligned technology team focusing on a variety of cyber security related areas including: Vulnerability Management, Identity and Access Management, Cyber Resiliency, Application and Cloud Security.
What We're Looking For:
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
8-12 years of experience in information security or related technology experience required
Proficiency in Cyber Application Security Engineering (static and dynamic code review, Burp Suite and penetration testing, microservices, Docker and Kubernetes, and tools like GitLab
Experience with Identity Access Management controls and technical implementation of SSO and MFA technologies, Web authentication protocols (SAML and OAuth 2.0), key tools (Site Minder and SailPoint), as well as Technical Policy writing for Azure Office365 ATP - filtering policies
Thorough understanding of NIST CSF - how it applies to 800-53r5 and control mapping, along with controls testing and development
Experience with Cloud Security (Azure and AWS), along with console experience in terraforming and building security stacks in the cloud
Technology Risk management experience in the Financial Services sector, particularly with regulatory cybersecurity compliance
Third Party risk management experience and understanding of applicable regulatory requirements
Bonus Experience Desired:
Modern development practices. A strong preference for experience with CI / CD / Devops techniques
Cybersecurity auditing of technology controls and building the auditing technology guidelines
Exposure to the audit lifecycle and how to manage a technology audit
Communication and technical writing for policy developing standards and guideline documentation
Developing reports from technical data and information into intelligence products for the Risk Controls Managers
Excellent communication, presentation and business writing skills ??? Team player and quick learner
Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities. Ensures that all significant security concerns are addressed. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives. Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred, 8-10 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.. BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals with Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.