For over 235 years, Bank of New York Mellon (BNY Mellon) has been at the center of the global financial markets, providing the world's leading institutions the tools, capabilities, and services to be distinctive investors. BNY Mellon has approximately $16.5 billion in revenues and a 23% return on tangible common equity.
BNY Mellon is a leader in the world of investment services and investment management, and our businesses support the full range of stakeholders of the financial system including:
Managing the custody of approximately $37 trillion financial assets of the world's leading institutional investors, hedge funds, sovereign wealth funds, and corporates
Investing approximately $2 trillion as one of the largest global asset managers across a wide range of asset classes
Providing collateral, liquidity, and funding for the world's largest banks through our markets franchise
Serving family offices and high net worth individuals through our wealth management franchise
Providing a full suite of solutions to advisors, broker-dealers, family offices, hedge and '40 Act fund managers, registered investment advisor firms and wealth managers
Advising large global corporations on a range of trust and other solutions
Providing integrated managed data services to asset managers
What we do:
BNY Mellon Technology's mission is to provide our business partners with technology-based solutions that enhance their ability to be successful through world-class software solutions maintained on a stable and secure infrastructure, and to provide our employees with the tools and means to enhance their professional qualifications and careers.
We made risk management agile. We believe that unrestricted collaboration and continuous conscious reprioritization are key to effective execution, so we took an innovative approach to risk management applied agile practices to manage our daily work. Here your work makes impact every day. Non-hierarchical organization supports free-flowing communication and empowers employees to take initiatives. Your voice is heard, and your actions seen.
Within this role you will form part the 1st line of defence Technology team responsible for driving IT and cyber risk management practices across the APAC region. Accountable to lead the assessment, monitoring and reporting on technology, cyber, and information security risks inherent to business activities.
You will provide technical and thought experience through effective challenge, sound advice and material support across the full range of risk management lifecycle activities, including risk identification, assessment, and oversight of remediation planning and execution.
Building strong relationships by serving as a prime lead for Technology Risk interface with Audit, Compliance, Legal, 2nd Line Risk Management, Technology (including Information Security) and Business stakeholders across the APAC region. Facilitate the timely sharing of emerging regulations, technology and information security risks, and operational changes across these teams. You will serve as the SME on regulations in the APAC region where they concern technology and information security risks.
Partnering with Internal Audit to help facilitate Internal Audit engagements to ensure audit requests are timely met and potential issues are properly vetted, while working together to ensure efficiency and effectiveness throughout the engagement.
This role engages with global IT and information security teams to maintain situational awareness, and proactively identify risk issues, drive remediation activities, and continuously improve APAC Technology Risk. Interpreting and drives enforcement of technology risk and information security policies, standards, regulatory requirements, and a consistent technology risk management.
You will manage regulatory interactions while partnering with Technology (including Information Security), Compliance, Legal and 2nd Line Risk. This includes oversight of general queries, consultations, inspections, incident reporting, as appropriate. Prior direct experience with regulators is essential.
The successful candidate will:
Have the skills in risk identification and management of process across all aspects of Technology and cyber related risks and controls.
Have ability to support the effectiveness of enterprise-wide information security strategy including related programs, processes, and initiatives.
Have the ability to provide consultative guidance around sound risk management practices, frameworks (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) to technology and business stakeholders in order to guide them through managing risks within the risk appetite thresholds.
Have the knowledge and ability to monitor and assess the potential impact of technology and information security emerging technologies, laws, regulations, and/or policies on the bank.
In this role you will:
Assess the adequacy of the security strategy, business continuity/disaster recovery plans, threats to systems, and then calculating the impact of potential adverse events within the APAC Region.
Assist with management and coordination of Audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding process for documenting self-assessment evidence and records retention practices.
Implement continuous control monitoring on behalf of the 1st line of defense and understand that assessment must be continual, as the risk profiles change constantly.
Ensure management is kept up to date on the results of the risk assessment and make recommendations for mitigations, or projects to protect their systems or cover potential losses.
Continually improve the quality of the risk management - through evaluation of communication of security, data vulnerability, business continuity and compliance risks.
Self-identification of technology and cyber risks even before it occurs
Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
Identify vulnerabilities or weaknesses in systems and facilitate collaborate sessions to remediate these issues.
Examine employee compliance with security controls and deficiencies escalating issues to Information Security and business contacts, as appropriate.
Evaluate security policy, processes, and procedures for completeness
Work with business leads and information security to ensure that controls are adequate to protect sensitive information systems
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
Provide thought leadership on mitigation/damage reduction proposals
Manage and resolve escalations focused on delivering consistent stakeholder satisfaction and responsiveness.
Participate as a Technology point of contact for robust technology risk and control support and engagement activities on technical incidents / risk / controls matters with the aim of reducing risk and increasing resiliency in operational processes.
Identify technology risk (e.g. End of Life) proactively and addresses through a structured delivery plan along with the regional service owners.
Support the Head of APAC Technology Risk and Control for implementing the Technology Control Framework at the regional level.
Experience & Qualifications:
10 to 12 years of total experience in IT Risk and/or Information Security
Experienced team player with the ability to work independently to organize, manage and complete projects within tight deadlines
Significant knowledge in 2 or more: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
Analytical skills with the ability to provide practical solutions for effective risk management
Results oriented and assertive (ability to tackle challenging situations)
Proficiency in written and spoken English (It would be a plus if the candidate understands another Asian language - Mandarin/Japanese) to support the APAC Business segments
Excellent time management skills
Experience managing a 1st, 2nd, or 3rd line function responsible for technology and information security related risks and controls
Excellent stakeholder management and ability to communicate (verbal and written) with different levels of seniority as well as able to communicate technical issues in business language within a global organization
Confidence to respectfully challenge stakeholders
Ability to quickly adopt to quick changes
A self-motivator who has solid track record of local and regional delivery in a global organization
Prior experience in dealing with regulators in the Asia Pacific Region
Experience in the securities or financial services industry
IT Audit experience
Project Management experiment
Information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)
BNY Mellon is an Equal Employment Opportunity Employer. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
Primary Location: Singapore-Singapore-Singapore Job: Information Technology Internal Jobcode: 96429 Organization: Clearing Markets ISS Svcs Tech-HR16624 Requisition Number: 2106114