Information Security Risk Specialist Job

Information Security Risk Specialist (Job Number: 1310156)

BNY Mellon is a global investments company dedicated to helping its clients manage and service their financial assets throughout the investment lifecycle. Whether providing financial services for institutions, corporations or individual investors, BNY Mellon delivers informed investment management and investment services in 36 countries and more than 100 markets. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments. Additional information is available at www.bnymellon.com.

Risk and Compliance provide risk and compliance services across all BNY Mellon businesses. Organizationally, Risk and Compliance includes the following groups: Risk Management, Compliance, Global Corporate Security, Information Risk Management and Global Business Continuity. Risk Management oversees and delivers risk services and ensures new business risks are reviewed and approved. Risk Management is organized through Chief Risk Offices for each core business and critical operation. Risk managers provide shared support to BNY Mellon for operational risk services for Global Corporate Trust, Depositary Receipts, Treasury Services and Global Operations in EMEA. Compliance helps ensure BNY Mellon's businesses maintain appropriate processes to comply with applicable laws, regulations, BNY Mellon policies and ethics. This is accomplished through business- and business partner-specific teams of professionals, under centralized global management.

Description

Information Risk Specialist - London

Introduction

The role is part of the Information Risk Management (IRM) organisation at Bank of New York Mellon. IRM is comprised of 6 main teams:
- Risk and Control Governance
- Technology Risk Management
(Application Assessments, Infrastructure Assessments, Service Provider Management Risk Strategy)
- Information Security
- Identity and Access Management
- Chief Administrators Office

This role will be part of the Infrastructure Assessments team, which is part of Technology Risk Management International. The Technology Risk Management International Assessments team has staff based in Singapore, Dublin, Manchester and London. The Team has responsibility for:
- Network Security Assessments
- Application Security Assessments
- Service Provider Management (SPM)
- Mergers and Acquisition (TRM due diligence and subsequent integration risk assessment)

The Information Risk Specialist role will be based in our London Queen Victoria Street office.

The UK team have primary responsibility for Infrastructure Security Assessments and Network Security Assessments in the EMEA and Asia Pacific regions. Support is also provided to the US teams.

This role will be in the Infrastructure Assessments Team and will report to Graham Fountain who is the Infrastructure Assessments Team Leader. Graham reports to Bernard Childs, Head of the International Assessments Team.

Responsibilities

To ensure the integrity and reliability of Company data and systems, through appropriate technology risk assessment. This includes involvement in business and IT projects to ensure that appropriate controls are built in from the earliest stages. The responsibilities of the team include (with overall approximate percentage of time spent on each):
- Technology Infrastructure Assessments (35%)
- Project Consultancy (15%)
- Duty Officer Role - Firewall/URL change request approval, Reconciliation of firewall changes (15%)
- Firewall Policy Reviews (15%)
- Issues and Exceptions processing and tracking (10%)
- Other (10%)

In addition to these areas, the team is also engaged in general Information Security Consulting to the EMEA/Asia Pac businesses

Range of Activities (Proportionally more than 5% of time)

Technology Infrastructure Assessments (35%)

Technology Infrastructure Assessments for new, changed and existing systems in accordance with the BNY Mellon Information Security Policies, Standards and Procedures.

Works with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.

If risks cannot be mitigated, works with the business to request a policy exception.

Tracks issues and agreed actions to completion. Escalating issues to the Head of International Assessments where necessary.

Project Consultancy (15%)

Project Consultancy for new, changed and existing systems in accordance with the BNY Mellon Information Security Policies, Standards and Procedures.

Works with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.

If risks cannot be mitigated, works with the business to request a policy exception.

Tracks issues and agreed actions to completion. Escalating issues to the Head of International Assessments where necessary.

Duty Officer Role - Firewall/URL change request approval, Reconciliation of firewall changes (15%)

Duty Officer is a role performed by the team to:
- Assess firewall changes with a view to approval
- Firewall change reconciliation
- Assess URL access requests with a view to approval
- Ad-hoc requests for TRM support/guidance

Firewall Policy Reviews (15%)

Perform firewall policy reviews using the firewall analysis tools in compliance with the Information Security Policies, Standards and Procedures as required by the business. This typically takes place once a year but there may be ad-hoc requirements to perform policy reviews.

Issues and Exceptions processing and tracking (10%)

As a result of the above responsibilities, Issues and Exceptions to policy will be generated. Using the company risk management tool to create and track issues and exceptions, the associated risks will be followed through to conclusion.

Other (10%)

Support other teams within TRM in their responsibilities e.g. Acquisitions/Mergers Divestitures

Ad-hoc requests for TRM support/guidance

Attending key meetings across the organisation

Service Provider Management – working with our service provider management team to help assess risks at service providers and vendors.

Qualifications

Skills/Knowledge

This is generally a 'hands off' role – the successful candidate will have no responsibility for actually carrying out security changes such as adding users, installing or configuring applications, etc. IT and others carry out changes under the supervision and instruction of TRM where relevant. However, a certain level of knowledge is required when working with technicians to know what is required, possible and achievable in technical areas.

A successful candidate must have...
- Strong experience in a Technology Risk, Information Security or an IT Audit role;
- A professional qualification, relevant to Information Security (such as MSc, CISSP or CISM);
- A thorough understanding of Risk Assessment approaches and methodologies;
- A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs, etc.;
- Experience of formal document creation, such as the creation of reports or procedures;
- Experience of carrying out risk reviews, technology audits or other similar work;
- Thorough understanding of the ISO 2700X series of standards and guidelines; and
- Strong MS Office skills (core applications).

Some or all of the following will be of advantage...
- Knowledge or practical experience of one or more of the following products:

* Archer Technologies SmartSuite Framework.

* Algosec Firewall Analysis Tool

* Tufin Operations Management

* Juniper/Checkpoint/CISCO firewall management

* URL Filtering products
- Other professional qualifications/memberships, relevant to Information Security (Institute of Information Security professionals, CISA or QICA).

Key Skill and Attributes
- A keen eye for an opportunity to improve existing process and take the initiative to promote such an enhancement.
- Must take accountability for their actions and be open and honest when things have gone wrong, and celebrate successes when things have gone well.
- Able to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of suppliers and customers.
- Must be rigorous and thorough – especially when logging and tracking issues through to conclusion
- Candidate must be able to manage their own workload and run several tasks concurrently so as to meet the realistic targets and priorities set in conjunction with management. This is especially important because we work in an environment where priorities can change quickly and with little prior warning. Demonstrate a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
- Demonstrates a calm professional approach, with a good understanding of time constraints and the need to escalate/inform departmental management as appropriate.
- Understands their own shortfalls and knowledge gaps. Not afraid to acknowledge a gap and work on strategies to address them.
- Adapts personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
- BNY Mellon often goes through periods of change and it is therefore critical that this person adapts to changes in the organisation and job responsibilities and displays a positive attitude.
- Must be able to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
- Able to express clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
- Documentation must be professional, well structured and presented and require the minimum management review and revision. This is especially important.
- Good at listening and analysing a situation or the information provided.
- Works well with others or individually. Supports the development of the team as a whole, places team before personal interests.
- Shows respect for others and recognises their concerns and interests.

Primary Location: United Kingdom-United Kingdom-Greater London-London
Internal Jobcode: 50098
Job: Audit/Compliance/Risk
Organization: Information Risk Management-HR06032

• Admin

  New
  • Log in

• Recent Jobs

  • Full Stack Engineer
  • Senior Full Stack Developer
  • Software Developer Engineer
  • iOS/Android Developer
  • DevOps for Connected Heating Systems
  • IT Architect
  • Agile Scrum Coach
  • HTML5 Front End Developer
  • .Net Developer (Switzerland)
  • Software Testers

• Categories

  • Financial
  • General
  • Healthcare
  • Technology

• Archives

  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015

• Tags

  Accounting & Finance careers in the Australia Accounting & Finance careers in the Hong Kong SAR Accounting & Finance careers in the Singapore Accounting & Finance careers in the UK Accounting & Finance careers in the USA Accounting) Alabama Us Alberta Canada Arizona Us Asset Management Asset Management careers in the Hong Kong SAR Asset Management careers in the UK Asset Management careers in the USA Associate AVP Baden Württemberg Germany Bayern Germany Business Analyst California Us Call Centres Capital Markets Capital Markets careers in the UK Colorado Us Commodities Commodities careers in the UK Compliance Connecticut Us Consultancy Corporate Banking Credit Debt Derivatives Director District Of Columbia Us Driver Equities Equities careers in the UK Fixed Income) Fixed Income careers in the UK Florida Us Foreign Exchange F recruitment Georgia Us Home Counties Uk Ile Of France France Illinois Us Indiana Us Information Technology careers in the Hong Kong SAR Information Technology careers in the Singapore Information Technology careers in the UK Information Technology careers in the USA Investment Banking Iowa Us Kansas Us Kentucky Us Legal London recruitment London Uk Louisiana Us M & A careers in the UK Manager Maryland Us Massachusetts Us Michigan Us Midlands Uk Minnesota Us Missouri Us Money Markets New Jersey Us New South Wales Australia New York Us Noord Holland Netherlands Nordrhein-Westfalen Germany North Carolina Us North West Uk Ohio Us Oklahoma Us Ontario Canada Operations careers in the UK Oregon Us Pennsylvania Us Private Banking Project Manager Queensland Australia Risk Management careers in the UK South Australia Australia South Carolina Us Southern Uk South West Uk Tennessee Us Texas Us UK Victoria Australia Virginia Us VP Washington Us Western Australia Australia Wisconsin Us Yorkshire Uk Zuid Holland Netherlands

• Links

  • Name.ly
  • Who-El.se?

• RSS

  • Entries (RSS)
  • Comments (RSS)