Spec, Ent Thrd Pty Mgmt

Job Description

Independently implements technology risk strategies and technology risk management improvements for a complex business line and/or business partner area facing a moderate level of technology risk. Applies extensive knowledge of information, cyber, security and technology risk concepts to skillfully interpret needs and drive the assigned business line and/or business partner areas evaluation of technology risk processes and execution and delivery of technology risk services. Uses familiarity with the assigned business line an/or business partner area to assist with the enforcement of technology risk policies, standards and regulatory requirements. Contributes to the development of technology risk control frameworks and may present recommendations to business leaders, organizational management and regulators for approval. Applies a strong understanding of control and risk management concepts, security systems and applications in order to interpret the technology risk needs of the assigned business line and/or business partner area and communicate relevant technology risk management policies, procedures and guidelines. Guides the business line and/or business partner areas technology risk and control environment initiatives. Applies understanding of applicable laws and regulations and knowledge of industry best practices to technology risk management recommendations. Independently performs detailed application risk analyses to facilitate comprehensive risk assessments. Assesses and determines the business unit and/or business partner areas need for additional training and support on technology risk management. Manipulates advanced data, including pulling, aggregating and developing reports from multiple sources for presentation to business unit and/or business partner management. Performs highly complex analyses and identifies trends using an advanced understanding of technology risk metrics (KRIs, KPIs). Advises and guides the business unit and/or business partner area on establishing KPIs that ensure compliance with legal and regulatory requirements. Drives efforts to promote a highly effective technology risk culture and to enforce and communicate technology risk policies, procedures and guidelines. Advises the business line and more junior professionals on use of technology risk support tools to develop technology risk policy content. Executes remediation of standard and complex technology risk issues for the assigned business line and/or business partner area and may assign tracking tasks to more junior professionals. Enforces adherence to existing controls and may assess opportunities for control methodology revisions. Facilitates requirement gathering and builds consensus on risk mitigation and remediation strategies. Ensures business unit and/or business partner area leaders are prepared for business impacts from changes to technology risk policies and standards. Manages projects through to completion and derives technology risk solutions in partnership with various corporate teams within IT and the business environment. Is beginning to influence business line and/or business partner contacts to ensure the implementation of technology risk solutions. No direct reports,, provides guidance to more junior team members and may assign tasks, as needed. Contributes to the achievement of team objectives. Modified based upon local regulations/requirements. Bachelor s degree or the equivalent combination of education and experience is required. 5-7 years of total work experience preferred. Experience in Technology, Information Security and/or technology risk preferred. Knowledge of security systems and applications preferred. At least one security clearance preferred. QualificationsIndependently implements technology risk strategies and technology risk management improvements for a complex business line and/or business partner area facing a moderate level of technology risk. Applies extensive knowledge of information, cyber, security and technology risk concepts to skillfully interpret needs and drive the assigned business line and/or business partner areas evaluation of technology risk processes and execution and delivery of technology risk services. Uses familiarity with the assigned business line an/or business partner area to assist with the enforcement of technology risk policies, standards and regulatory requirements. Contributes to the development of technology risk control frameworks and may present recommendations to business leaders, organizational management and regulators for approval. Applies a strong understanding of control and risk management concepts, security systems and applications in order to interpret the technology risk needs of the assigned business line and/or business partner area and communicate relevant technology risk management policies, procedures and guidelines. Guides the business line and/or business partner areas technology risk and control environment initiatives. Applies understanding of applicable laws and regulations and knowledge of industry best practices to technology risk management recommendations. Independently performs detailed application risk analyses to facilitate comprehensive risk assessments. Assesses and determines the business unit and/or business partner areas need for additional training and support on technology risk management. Manipulates advanced data, including pulling, aggregating and developing reports from multiple sources for presentation to business unit and/or business partner management. Performs highly complex analyses and identifies trends using an advanced understanding of technology risk metrics (KRIs, KPIs). Advises and guides the business unit and/or business partner area on establishing KPIs that ensure compliance with legal and regulatory requirements. Drives efforts to promote a highly effective technology risk culture and to enforce and communicate technology risk policies, procedures and guidelines. Advises the business line and more junior professionals on use of technology risk support tools to develop technology risk policy content. Executes remediation of standard and complex technology risk issues for the assigned business line and/or business partner area and may assign tracking tasks to more junior professionals. Enforces adherence to existing controls and may assess opportunities for control methodology revisions. Facilitates requirement gathering and builds consensus on risk mitigation and remediation strategies. Ensures business unit and/or business partner area leaders are prepared for business impacts from changes to technology risk policies and standards. Manages projects through to completion and derives technology risk solutions in partnership with various corporate teams within IT and the business environment. Is beginning to influence business line and/or business partner contacts to ensure the implementation of technology risk solutions. No direct reports,, provides guidance to more junior team members and may assign tasks, as needed. Contributes to the achievement of team objectives. Modified based upon local regulations/requirements. Bachelor s degree or the equivalent combination of education and experience is required. 5-7 years of total work experience preferred. Experience in Technology, Information Security and/or technology risk preferred. Knowledge of security systems and applications preferred. At least one security clearance preferred.BNY Mellon is an Equal Employment Opportunity Employer.Our ambition is to build the best global team one that is representative and inclusive of the diverse talent, clients and communities we work with and serve and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.Primary Location: India-Maharashtra-PuneJob: Information TechnologyInternal Jobcode: 96435Organization: Control Functions-HR17866Requisition Number: 2102694,

Keyskills :
risk controlrisk metricsrisk managementrisk mitigationtechnology risksecurity systemscontrol environmentinformation securityrequirement gatheringorganizational managementriskcyberdrivescontrolmetrics