Job DescriptionSenior Principal, Information Risk(
Job Number:2009923) Description
For over 235 years, Bank of New York Mellon (BNY Mellon) has been at the center of the global financial markets, providing the world’s leading institutions the tools, capabilities, and services to be distinctive investors. BNY Mellon has approximately $16.5 billion in revenues and a 23% return on tangible common equity. BNY Mellon is a leader in the world of investment services and investment management, and our businesses support the full range of stakeholders of the financial system.
BNY Mellon’s Pershing and its affiliates provide global financial business solutions to advisors, broker-dealers, family offices, hedge fund and 40 Act fund managers, registered investment advisor firms and wealth managers. Pershing helps clients improve profitability and drive growth, create capacity and efficiency, attract and retain talent, and manage risk and regulation. With a network of 23 offices worldwide, Pershing provides business-to-business solutions to clients representing more than 6 million investor accounts globally.
The new Pershing Data Governance Office handles data governance for all Pershing business globally inclusive of topics such as implementation of enterprise data framework and policies for our line of business, establishing and maintaining corresponding LOB-level policies and procedures, monitoring data related risk and establishing / reviewing controls, ensuring regulatory and contractual compliance around data. The group works with business data owners and technology counterparts in advancing our maturity around data quality, information protection, and data management throughout its lifecycle and within change processes.
Responsible for data / information security policy requirements on the business side while working with technology inclusive of data loss prevention, access management controls, data security risks, controls and policy exceptions, information security representation in the third-party governance and new product approval processes and information classification requirements.
Establish and maintain business process and procedures for data security.
Works with senior and corporate management roles to ensure that the appropriate risk and controls, governance, policies, methods, standards, processes, reporting and training are developed, applied and understood by impacted stakeholders within the information security space
Extensive knowledge of business information security and information privacy policies, methods, standards, processes, governance models. Drive awareness and understanding of information risk management/ data security, compliance, information protection, regulatory concepts, and requirements
Drive and oversee the development of Information security program elements and provide prioritization of business risk.
Provide advice and guidance on information security for legal or regulatory matters. Act as a primary interface between the business/business partner area(s) for these matters. Prepare and present materials for internal and external client communications and take ownership of follow-ups where necessary.
No direct reports. Oversees, advises and guides less experienced Information security roles and may direct their work.
Bachelors Degree or the equivalent combination of education and experience is required. 10-12 years of experience in information security or information privacy preferred. Experience in financial services is preferred. Certified Information Security Management (CISM) or Certified Information Systems Auditor (CISA) security certification preferred