Cyber Security Third Party Governance Technical AnalystBNYM is seeking an initiative-taking professional to join its Cyber Security Third Party Governance (CTPG) team. The successful candidate will work in a technically diverse and dynamic environment with a team of Cyber Security professionals responsible for the assessment, analysis and governance of cyber security for third party vendors. The successful candidate will have deep technical and assessment skills to identify vendor cyber vulnerabilities that puts the BNYM at risk.The individual works closely with the Cyber TPG Security Leader, Business Sourcing Leads (BSL), enterprise sourcing, technology risk management, engagement managers, business teams and vendors on identified cyber risks in vendor environments. This requires both good oral and written communications skills and the ability to negotiate. Must be able to keep sensitive information confidential and know how to use appropriately.Key Roles & Responsibilities of this position include, but are not limited to:Assess the cyber security risk of third party vendors with an appropriate level of detail Travel to vendor locations for on-site assessmentsInterface with enterprise sourcing, technology risk management, business teams and engagement management on vendor cyber security issues identifiedReview and challenge vendor evidence for issue closureAssist in the design and implementation Cyber TPG related processes and toolsDefine and create relevant metrics, presentations and reportsReview the cyber related attestations by third parties such as SOC2 and ISO 27001 and report any observations for further review and trackingReview vendor risk reports created by internal and external entities for impacts to cyber securityKeep up to date on the latest trends, methodologies and tools related to third partyInterface with industry coalitions working on third party cybersecurity issuesQualifications:Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred. Industry certifications such as CISSP or CISM a plus10+ years of experience in cyber security related activities requiredFirsthand experience in performing control-level technical cyber risk assessmentsIn-depth technical knowledge in 1-2 cyber domainsExperience in the securities or financial services industry is a plusExperience in third party governance and related tools is strongly desired but not requiredAbility to manage multiple projects and prioritiesFamiliarity with various global regulations and industry standards concerning cyber securityStrong verbal and written communication skillsMaintains the effectiveness of enterprise-wide information security strategy including related programs, processes and initiatives. May allocate/coordinate work within a team/project. Assists in the development, implementation and enforcement of corporate-wide security policies, procedures and standards. Assists in consulting with the business and operational infrastructure personnel regarding new and existing technologies and appropriate security architectures, practices and procedures. Reviews and analyzes more complex data and information to provide insights, conclusions and actionable recommendations produces advanced reports, analyses, findings, etc. Works closely with IT infrastructure and software engineering applications development to ensure integrity of security procedures, systems, and policies. Works with developers to ensure proper completion of all risk assessments within policy and procedures. Contributes to the achievement of related teams' objectives. Bachelor's degree in computer science or a related discipline, or equivalent work experience required, 6-8 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.. BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals with Disabilities/Protected Veterans. Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans.Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
