BNY Mellon Data and Analytics Solutions is a public- and private-cloud-based software and content offering that builds client-centric data, technology, and content capabilities. Operating with the skill and agility of a fintech, Data and Analytics Solutions combines the expertise and resources of the Eagle product suite, Intermediary Analytics, and other BNY Mellon technology and data assets. Moreover, the division further extends BNY Mellon's Asset Servicing capabilities in securities and cash into the world's most important asset class, data. Data and Analytics Solutions helps firms to analyze their data from different vantage points and transform it into actions that can achieve higher alpha and cheaper beta, with lower costs and less risk. Offering an ecosystem of proprietary and third-party business applications, Data and Analytics Solutions helps firms manage their core investment processes and beyond.

Security Architecture and Engineering (SecEng) is a critical service within the BNY Mellon Information Security Program (ISP) and this SecEng Lead role will be reporting to the Chief Information Security Officer (CISO) within the Data & Analytics Business.

What You Will Do and your Key Responsibilities

- Lead team and manage full scope SecEng service (infrastructure and application architecture reviews, common control design/implementation/testing, document generation of system security plans, communicate architecture and platform risk, advise on vulnerability impact with regard to remediation and/or where necessary implement hotfix/workarounds).
- Collaborating on initial ideal concept POCs with product owners, developers, technical operation teams within both the Product Development Lifecycle (PDLC) and Software Development Lifecycle (SDLC) and formulating initial threat models for consumption and ownership by Product owners.
- Continuous improvement and service delivery of the Security Architecture and Engineering program, aligning staff, tools, and processes to key security metrics and controls within the PDLC/SDLC enabling timely and secure Product feature releases.
- Provide Security Architecture and Engineering guidance and oversight across Product Management, Research & Development, and Operations teams to influence the design and implementation of upcoming products and services with a mindset of "Security by Default".
- Consulting product teams on how to architect and implement secure solutions and ensuring SOC2 audit compliance.
- Responsible for overall Security Architecture and Engineering assessments and posture through security design, threat modeling, owning and implementing common architecture controls throughout the product portfolio and platforms.
- Design and deploy state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and security architecture/engineering topics.
- Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
- Perform validation of security controls to ensure adherence with compliance and industry best practices.
- Perform hands-on security design, implementation, and testing of products and services to proactively Client risk and track them to resolution.
- Design and assess SaaS and PaaS cloud services and virtualization technologies within Public Cloud Service Provider (CSP) offerings.
- Use a risk-based approach, advocate for and help prioritize remediation of security findings and develop/report metrics measuring the state of application security program.

Qualifications

Previous experience in information security architecture and engineering domains (e.g., design/implementation reviews, threat modeling)
Experience working within enterprise class application architectures that are highly scalable and reliable and the ability to secure them
Experience with DevSecOps tooling
Experience with Public Cloud (e.g., Azure, AWS, and GCP) technologies (e.g., Kubernetes, containers, databases as a service)
Experience with securing containers, host, databases, and application solutions for multi-tier and microservice systems.
Strong knowledge of building security into the continuous integration and delivery (CI/CD) pipeline.
Ability to understand business requirements and apply security without adversely affecting the desired functionality
Relevant security certifications a plus (such as: CISSP, CISM, GPEN, GCIH)
High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.

Primary Location: United States-Massachusetts-Wellesley
Internal Jobcode: PTSG32
Job: Information Technology
Organization: Technology Services Group-HR06725
Requisition Number: 2011689