Sr. Specialist Information Security Analyst->> Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities. Ensures that all significant security concerns are addressed. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives. Description:
- The candidate will provide enterprise level guidance, assessment and direction in the development and implementation of encryption architectures, services, and solutions for the banks complex, global environment.
- Emphasis is on validation polices, standards and procedures are followed, documentation of any gaps and escalation of any risks
- Knowledge of implementing and evaluating data encryption systems for networks, computing platforms, and applications software.
- Understand practical risk tradeoffs encryption systems design and implementation. Understand the requirements for conducting a proof-of-concept test or threat scenarios to evaluate architectural options, such as: use of different protocols, algorithms, key lengths and key management systems; encryption at varying points in the technology stack (ref. the OSI stack); centralized vs. decentralized solutions; and solution match to requirements.
- Familiar with centralized key management solutions.
- Familiar with encryption technologies: TLS/SSL, full disk encryption, Hardware Security Modules (HSMs), PKI, DBMS encryption products; application Crypto API use, both wireless and wireline encryption.
- Basic knowledge of industry encryption standards (e.g. NIST SP 800-57, ISO/IEC 18033, and FIPS 140-2).
- Understanding of Information Security frameworks and best practices (e.g. ISO, NIST).
- Experience with the following products is a plus: Oracle ASO/TDE, Vormetic data at rest encryption. Key management solutions (Gemalto or similar products)
- Ability to follow encryption system requirements, standards, policies and procedures.
- Ability to discuss encryption solutions with technical teams.
- Excellent interpersonal/communication, presentation, and technical writing skills.
- Minimum 10 years experience in information technology
- Minimum 5 years of experience in information security or related technology experience required.
- Minimum 2 years leading implementation teams or hands on implementation of encryption solutions.
- Industry certifications such as: CISSP/SSCP, GSEC, or GCIH a plus.
- Experience in the securities or financial services industry a plus.
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred, 8-10 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans. Primary Location:
United States-New York-New YorkInternal Jobcode:
Information Security-HR11724Requisition Number: