IRM Senior Specialist
- London, England, United Kingdom
- Permanent, Full time
- BNY Mellon
- 27 Sep 16
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Risk and Compliance provides risk and compliance services across all BNY Mellon businesses. Organizationally, Risk and Compliance includes the following groups: Risk Management, Compliance, Global Corporate Security, Information Risk Management and Global Business Continuity. Risk Management oversees and delivers risk services and ensures new business risks are reviewed and approved. Risk Management is organized through Chief Risk Offices for each core business and critical operation. Risk managers provide shared support to BNY Mellon for operational risk services for Global Corporate Trust, Depositary Receipts, Treasury Services and Global Operations in EMEA. Compliance helps ensure BNY Mellon's businesses maintain appropriate processes to comply with applicable laws, regulations, BNY Mellon policies and ethics. This is accomplished through business- and business partner-specific teams of professionals, under centralized global management.
The Information Risk Senior Specialist supports the Information Risk Principal and the wider global IRM Technology Project Risk Assurance (TPRA) team. The IRM TPRA team, although managed out of London, provides this service globally across all regions where BNYM operates.
The IRM Technology Project Risk Assurance team provides:
- An evaluation and risk management methodology and framework, for BNYM top transformational investment global technology projects and other high risk initiatives
- Intelligent Technology Project Risk Assurance through the program and project lifecycle
- Decision makers and project teams working with essential insight and guidance into information risk, enabling more fully informed decisions to be made
- Senior stakeholders with a broad perspective into the health and management of these key projects and the technology both being used and proposed
- S/he drives the enforcement and interpretation of BNY Mellon information risk policies and standards and collaborates with other subject matter experts to determine business/project impact
- S/he will drive and support the development of strategic program elements and provide input to risk prioritization, including the development and implementation of key metrics (KRIs, KPIs), and support the development of information risk strategic program elements creating business value and helping to streamline technology development.
- S/he will review internal and external IT projects and applications for risk issues and ensure adherence to security policies and industry best practices and security controls.
- S/he must have detailed knowledge and understanding of meeting operational and technical information security and risk compliance requirements within a complex regulatory environment.
- The Information Risk Senior Specialist reports to the Information Risk Principal within their department and is expected to deputize for the Information Risk Principal when required.
- Project launch reviews with initial inherent risk and complexity assessment, reviewing business case, project objectives and KPIs
- Evidence based control effectiveness assurance reviews of specific work streams or delivery areas crucial to the success of the program, leveraging wider subject matter experts
- Check point reviews at key transition phases to provide assurance that readiness criteria to progress to the next phase have been met
- Pre-implementation readiness reviews, assessing implementation risks and providing assurance over testing results
- Work with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
- Periodic (e.g. monthly / quarterly) independent assurance report over program status, assessing residual risk across key decision points, identifying risks and advising on required actions
- On-going program performance tracking, including oversight of key control processes such as risk & issue and contingency management, via intelligent PMO function reporting into program Sponsor and Steering Committee
- Attend key meetings across the organisation - dealing with all levels of stakeholders from C level to technical subject matter experts.
- Planning, execution and delivery of risk-based initiatives and projects
- Representing IRM on risk-related projects and operations for internal stakeholders
Comply with all BNY Mellon corporate policies and procedures, including HR policies and procedures, applicable to BNY Mellon
Comply with all Security and Health & Safety policies and procedures operating within the business
Shared Values and Core Competencies (required for all roles)
1. Client Focus - demonstrates clear understanding of importance of effective customer service, internally and externally
2. Trust - evidences high standards of integrity and openness
3. Teamwork - demonstrates ability to work effectively as a member of a team, a collaborative style, and understands the value of diversity
4. "Outperformance" - evidences the ability to exceed expectations of others
1. Global Acumen - Developing and incorporating an understanding of the competitive global business environment as well as an awareness of economic, social and political trends that impact the organization's global strategy
2. Establishing Strategic Direction - Establishing and committing to a long-range course of action to accomplish a long-range goal or vision after analyzing factual information and assumptions taking into consideration resources, constraints and organizational values
3. Developing Strategic Relationships - Using appropriate interpersonal styles and communication methods to influence, collaborate and build effective relationships with business partners (e.g., peers, functional partners, external vendors and alliance partners)
4. Building Organisational Talent - Attracting, developing and retaining talented individuals. Providing timely coaching, guidance and feedback to help others maximize their potential and meet key accountabilities. Using appropriate methods and interpersonal styles to develop, motivate and guide a team toward successful outcomes and attainment of business objectives
5. Change Leadership - Continuously seeking (or encouraging others to seek) opportunities for different and innovative approaches to addressing organizational problems and opportunities
6. Client Orientation - Cultivating strategic client relationships and ensuring that the client perspective is the driving force behind all value-added business activities
7. Driving Execution - Translating strategy into operational reality. Breaking down strategic priorities or business initiatives into key tasks and identifying accountabilities. Aligning communication, people, culture, processes, resources and systems to ensure effective implementation and delivery of required results
- Significant experience in one or more financial industry risk, compliance, control and governance disciplines
- In-depth understanding of information security principles and best practices across the industry as well as project management principles
- Strong stakeholder management, relationship-building, collaboration and presentational capabilities.
- Experience of carrying out risk reviews, technology audits or other similar work
- A thorough understanding of Risk Assessment approaches and methodologies
- A strong sense of proportionality, reasonableness and cost with respect to risk response
- Ability to manage through highly sensitive situations with highest level of discretion
- A strong understanding of residual risk and risk mitigation
- A strong bias toward quantitative risk data rather than subjective reporting is required
- Experience in maturing a risk organisation toward a quantitative approach to reporting is highly desirable
- Strong experience in a Technology Risk, Information Risk, Information Security or an IT Audit role
• Advanced degree preferred - MSc in IT Security
• Bachelor's Degree or equivalent work experience required.
• Certified Information Systems Security Professional (CISSP) required, additional security certifications advantageous e.g. Certified Information Security Manager (CISM) or Certified in Risk Information Security Control (CRISC), Certified Information Security Auditor (CISA)
• Proven experience of project management on the basis of an industry standard methodology - a Project Management qualification an advantage (PMI or Prince)
BNY Mellon is an Equal Employment Opportunity Employer.
Primary Location: United Kingdom-Greater London-London
Internal Jobcode: 32947
Organization: Information Risk Management-HR06032
Requisition Number: 1611798