Associate, Technology Control Management Ii

Details of the offer

Associate, Technology Control Management

At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world's financial system we touch nearly 20% of the world's investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities and people everywhere.  

We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world. This is what #LifeAtBNY is all about. 

We're seeking a future team member for the role ofAssociate, Technology Control Managementto join ourInsight Investmentteam. This role is located inPune, Maharashtra – HYBRID.

In this role, you'll make an impact in the following ways: 

Collaborate with various teams (both internal and external stakeholders) to identify, analyze, and document potential security threats and vulnerabilities throughout the SDLC phase.
Conduct security assessments and threat modelling exercises, design reviews and contribute to mitigate the gaps/weaknesses identified for both on-premises and cloud-based environments, systems, and applications.
Assist with the delivery and implementation of new change capabilities identified in the strategy and roadmap into Insight and any additional control improvement identified from the risk management framework, risk assessment.
Provide security advice and support tech and business teams so Cyber Security team can be more proactive in finding solutions to business/tech requirements.
Evaluate the effectiveness of existing security controls and recommend improvements to enhance the overall security posture.
Research emerging security trends and technologies and provide recommendations for adoption and integration.
Assist in the development of security policies, standards, and guidelines, and supporting the team with BAU issues.
Collaborate with peers and other cross-functional teams to identify and address security issues. (E.g., internal peers/Cyber Security colleagues, internal/external penetration testers and incident responders, cross functional product development/infrastructure, Architecture teams).
Participate in security assessments, audits, and regulatory compliance initiatives and carrying out the resulting work to remediate the findings as required.
Security awareness and training – Play a key role in promoting a culture of security awareness and continuous improvement as part of their ongoing engagements
Liaising closely with other technology teams to meet the needs of the business, the post holder will also: 
Manage cross platform IT Security Risk Registers and resolution of identified risks. 
Input to incident management and planning
Provide security consultancy support for contract development and liaison with third parties and external agencies and authorities. 
Manage specific technical issues within projects or operational environments. 
Supporting security incidents/investigation as required.

To be successful in this role, we're seeking the following: 

Experience with Cyber Security controls in a range of technical environments.
Understanding of the technical security measures required for enterprise IT environments as described above with an appreciation for the fundamental 'defense in depth' and 'zero trust' approaches to IT security.
Structured approach to identification, prioritization of threats and vulnerabilities, scoping and remediation work.
Strong understanding of security threats, attack vectors, and mitigation techniques
Knowledge of secure design patterns, cryptography, and access control models
Deep technical knowledge of web related technologies such Web applications, Web Services and REST-based Service Architectures and of network/web related protocols.
Experience with industry-standard threat modelling frameworks, such as STRIDE, DREAD, or PASTA.
Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
Proficiency in creating and interpreting technical documentation, including data flow diagrams and use case diagrams.
Familiarity with security standards and regulations such as ISO 27001, NIST, MITRE, CIS and GDPR.
Ability to make best use of available resources and identify where external or 3rdparty resources are required.
Familiarity with technology operations and change management
Familiarity with project development and S-SDLC.
Keeps updated on technologies, industry practices and services.
Deals confidently with conflict, able to maintain a strong professional relationship whilst resolving difficult problems.
Ability to match available technical solutions to business requirements
Ability to "think on the fly" and adapt solutions to meet urgent requirements should they arise.
Self-Confident and Robust
Able and organized to defend a view in an adversarial situation
Willing to embark on a technical challenge with inadequate training or information
Openness and Integrity
Commitment to remain within moral and regulatory limits. Sensitive about privacy compromise and intellectual property rights.
Attention to process, techniques, and security controls aligned with risk appetite.
Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
A critical thinker, with strong problem-solving skills
Strong problem-solving and trouble-shooting skills
Self-motivated and possessing of a high sense of urgency and personal integrity
Demonstrated experience and success in similar security specialist/threat modelling expert roles in highly regulated industry (e.g., financial services industry)
Degree in Computer Science, Cyber Security or a related field backed by equivalent work or education-related experience.
Minimum of 3-4 years of experience in cyber security, threat modelling, secure software development, and application security.
Proven experience of developing and implementing threat modelling methodologies and processes.
Industry-recognized certifications, such as CISSP, CISM, or CSSLP, are preferred.

Preferred additional skills
Familiar with containerization including building secure container images, monitoring and security tooling for CI/CD pipelines such as GitHub Enterprise, TeamCity, Aqua Security, SonarQube and orchestration at scale such as Kubernetes and Azure Kubernetes Service
Familiar with IT Security standards and industry recognized guidelines such as CIS and OWASP
Familiar with Cloud secrets management such as Cloud vaults, key management & rotation, MFA, HSM's.
Familiar with agile methodologies and Dev SecOps processes.

At BNY, our culture speaks for itself. Here's a few of our awards: 
America's Most Innovative Companies, Fortune, 2024
World's Most Admired Companies, Fortune 2024
Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024
Best Places to Work for Disability Inclusion , Disability: IN – 100% score, 2023-2024
"Most Just Companies", Just Capital and CNBC, 2024
Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024
Bloomberg's Gender Equality Index (GEI), 2023

Our Benefits and Rewards:
BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter. 

BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.


Nominal Salary: To be agreed

Source: Eightfold_Ai

Requirements

Qa/Test Developer

As a QA/Test developer having experience with agile methodology You willDevelop system level test and automate them. Work on Windows and Unix systems. Work c...


Ibm Careers - Maharashtra

Published a month ago

Devops Engineer

In the role of Front-end Engineer, you would be responsible for Designing and development of individual product features for IBM of storage products, IBM Sof...


Ibm Careers - Maharashtra

Published 13 days ago

Application Consultant: Servicenow

Understanding client business processes and service needs and working with the client to demonstrate how ServiceNow modules will support these processes Prov...


Ibm Careers - Maharashtra

Published 13 days ago

Application Architect: Aws Cloud Migration

Create cloud migration strategies, defining delivery architecture, creating the migration plans, designing the orchestration plans and more. Assist in creati...


Ibm Careers - Maharashtra

Published 13 days ago

Built at: 2024-12-22T13:35:38.148Z