Vice President, Technology Control Management I

Vice President, Technology Control Management I

At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world's financial system we touch nearly 20% of the world's investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities and people everywhere.  

We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world. This is what #LifeAtBNY is all about. 

We're seeking a future team member for the role ofVice President, Technology Control Management I to join ourInsight Investmentteam. This role is located inPune, MH – HYBRID.

In this role, you'll make an impact in the following ways: 
Technology leadership in carrying out risk assessment exercises designed to highlight and clearly articulate IT Security risk to the business in terms they understand
Reviewing technical security measures employed in business systems, identifying technical and information security risks, managing suitable risk registers and driving agreed risk resolution
Establishing and maintaining a suitable framework of policies, and ensuring processes defined and followed deliver suitable security
Leading the supplier assurance process from an IT security perspective to ensure suppliers and products are fit for purpose and comply with minimum security requirements 
Lead and support the execution of 3rd party penetration testing across the business enterprise
Respond to and support internal and external audit exercises by articulating architectures, describing operational security processes and collecting evidence 
Provide regular MI to senior management through established reporting cycles
Manage cross platform IT Security Risk Registers and resolution of identified risks
Understanding of the technical security measures required for enterprise IT environments as described above with an appreciation for the fundamental 'defense in depth' and 'zero trust' approaches to IT security
Working with multiple cloud-based solution providers and strong understanding of the security risks associated with cloud-based SaaS, PaaS and IaaS service providers
Ability to define explicit security requirements commensurate with the overall risk of the project to delivery team and its stakeholders during early engagement
Developing qualitative and quantitative comparative analysis metrics when considering multiple security products or vendors
Successfully working within regulated industries and responding to their authoritative agencies
Full understanding of several industry recognized best practices for deployment of technical security controls and associated processes
Defining architectural principles, design patterns and standards for IT security 

To be successful in this role, we're seeking the following: 
Proven technology leadership of maturing cyber security capabilities, technology mentor and leader to a diverse set of teams.
Experience with Cyber Security controls in a range of technical environments.
Understanding of the technical security measures required for enterprise IT environments as described above with an appreciation for the fundamental 'defense in depth' and 'zero trust' approaches to IT security.
Structured approach to identification, prioritization of threats and vulnerabilities, scoping and remediation work.
Strong understanding of security threats, attack vectors, and mitigation techniques
Knowledge of secure design patterns, cryptography, and access control models
Deep technical knowledge of web related technologies such Web applications, Web Services and REST-based Service Architectures and of network/web related protocols.
Experience with industry-standard threat modelling frameworks, such as STRIDE, DREAD, or PASTA.
Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
Proficiency in creating and interpreting technical documentation, including data flow diagrams and use case diagrams.
Familiarity with security standards and regulations such as ISO 27001, NIST, MITRE, CIS and GDPR.
Ability to make best use of available resources and identify where external or 3rdparty resources are required.
Familiarity with technology operations and change management
Familiarity with project development and S-SDLC.
Keeps updated on technologies, industry practices and services.
Deals confidently with conflict, able to maintain a strong professional relationship whilst resolving difficult problems.
Ability to match available technical solutions to business requirements
Ability to "think on the fly" and adapt solutions to meet urgent requirements should they arise.
Self-Confident and Robust
Strong problem-solving and trouble-shooting skills
Self-motivated and possessing of a high sense of urgency and personal integrity
Demonstrated experience and success in similar security architect roles in highly regulated industry (e.g., financial services industry)
Degree in Computer Science, Cyber Security or a related field backed by equivalent work or education-related experience.
Minimum of 8 years of experience in cyber security architecture, design, threat modelling, secure software development, and application security.
Proven experience of technology leadership and guidance and helping lead the teams from a technical perspective.
Industry-recognized certifications, such as CISSP, CISM, or CSSLP, are preferred.

Preferred additional skills
Familiar with containerization including building secure container images, monitoring and security tooling for CI/CD pipelines such as GitHub Enterprise, TeamCity, Aqua Security, SonarQube and orchestration at scale such as Kubernetes and Azure Kubernetes Service
Familiar with IT Security standards and industry recognized guidelines such as CIS and OWASP
Familiar with Cloud secrets management such as Cloud vaults, key management & rotation, MFA, HSM's.
Familiar with agile methodologies and Dev SecOps processes.  

At BNY, our culture speaks for itself. Here's a few of our awards: 
America's Most Innovative Companies, Fortune, 2024
World's Most Admired Companies, Fortune 2024
Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024
Best Places to Work for Disability Inclusion , Disability: IN – 100% score, 2023-2024
"Most Just Companies", Just Capital and CNBC, 2024
Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024
Bloomberg's Gender Equality Index (GEI), 2023 

Our Benefits and Rewards:
BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter. 

BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.