Group Manager, Information Security: Manages a medium to large-sized team or multiple small teams responsible for organization data protection. Oversees CTS security architecture, security monitoring and auditing, incident reporting/response and forensics. Leads and oversees information security projects and resourcing. Liaises with business process owners to ensure ongoing alignment. Responsible for the development and delivery of CTS security and/or COB standards to ensure information system security across the business. Directs the monitoring of the utilization and effectiveness of security resources. Develops and implements processes and methods for auditing and addressing non-compliance with information security and/or COB standards. Provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities. Monitors budgets and schedules for projects conducted by teams and ensures they are completed in a timely manner. Recruits, directs, motivates and develops staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team. Manages one or more information security teams. Contributes to the achievement of team objectives.
- The candidate will provide enterprise-level guidance, assessment and direction in the development and implementation of encryption architectures, services, and solutions for the bank's complex, global environment.
- Emphasis is on validating that policies, standards and procedures are followed, documenting any gaps and escalating any risks.
- Knowledge of implementing and evaluating data encryption systems for networks, computing platforms, and applications software.
- Understand practical risk tradeoffs in encryption system design and implementation. Understand the requirements for conducting a proof-of-concept test or threat scenarios to evaluate architectural options, such as: use of different protocols, algorithms, key lengths and key management systems; encryption at varying points in the technology stack (ref. the OSI stack); centralized vs. decentralized solutions; and solution match to requirements.
- Familiar with centralized key management solutions.
- Familiar with encryption technologies: TLS/SSL, full disk encryption, Hardware Security Modules (HSMs), PKI, DBMS encryption products; application Crypto API use, both wireless and wireline encryption.
- Basic knowledge of industry encryption standards (e.g. NIST SP 800-57, ISO/IEC 18033, and FIPS 140-2).
- Understanding of Information Security frameworks and best practices (e.g. ISO, NIST).
- Experience with the following products is a plus: Oracle ASO/TDE, Vormetric data-at-rest encryption, and key management solutions (Gemalto or similar products).
- Ability to follow encryption system requirements, standards, policies and procedures.
- Ability to discuss encryption solutions with technical teams.
- Excellent interpersonal/communication, presentation, and technical writing skills.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
- Minimum 10 years of experience in information technology.
- Minimum 5 years of experience in information security or related technology experience required.
- Minimum 2 years leading implementation teams or hands-on implementation of encryption solutions.
- Industry certifications such as: CISSP/SSCP, GSEC, or GCIH a plus.
- Experience in the securities or financial services industry a plus.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
- 10+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New York-New York
Internal Jobcode: Information Security-HR11724
Requisition Number: