Vice President, Information Security

BNY Mellon•Pittsburgh, PA

1d•Onsite

About The Position

At BNY, our culture allows us to run our company better and enables employees’ growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide. Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary. We’re seeking a future team member for the role of Cyber GRC Risk Analyst to join our Cyber Security team. This role is located in Pittsburgh, PA. Position Summary The Cyber GRC Risk Analyst role is responsible for overseeing the identification, analysis, escalation, tracking, and remediation of cybersecurity and technology control risks. This position supports governance, risk, and compliance activities by ensuring control deficiencies, risk findings, and remediation actions are managed effectively, reported accurately, and resolved in a timely manner. The role partners closely with the Cyber Security teams, Enterprise Issue Management, Engineering, Audit, Risk, Compliance, and business stakeholders to drive issue resolution, improve cyber hygiene, strengthen control effectiveness, and support audit and regulatory readiness. This position requires a strong blend of data analysis, risk management, governance discipline, and stakeholder coordination.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Risk Management, or a related discipline, or equivalent work experience.
Typically 5-10 years of experience
Experience in Governance, Risk, and Compliance, Information Security, Technology Risk, Cybersecurity, or a related field, including issue management, control remediation, audit support, risk analysis, or compliance oversight.
Strong analytical, problem-solving, and troubleshooting skills, with experience using business intelligence, data analysis, and reporting platforms such as SQL, DB2, Power BI, Business Objects, Qlik, Tableau, Excel, and PowerPoint.
Knowledge of cybersecurity controls, risk management principles, issue remediation practices, and an understanding of the System Development Life Cycle and technology risk implications across development and production environments.
Excellent written and verbal communication skills, strong time management, sound judgment, and the ability to work effectively both independently and collaboratively with technical and non-technical stakeholders.

Nice To Haves

Degree in Cybersecurity, Information Systems, Business, or a related discipline.
Experience in the securities, banking, or financial services industry.
Experience supporting audit, regulatory examinations, or formal remediation programs.
Familiarity with industry control and risk frameworks such as NIST Cybersecurity Framework, NIST 800-53, Cyber Risk Institute Cyber Profile, ISO 27001, COBIT, FFIEC guidance, and PCI DSS, where applicable.
Experience with GRC platforms, issue tracking systems, control management tools, and integrated reporting workflows that aggregate vulnerability, control, audit, and self-identified findings.

Responsibilities

Manage the end-to-end lifecycle of cyber and technology control issues, including intake, assessment, prioritization, escalation, tracking, remediation, validation, and closure.
Review and analyze complex data sets to identify trends, insights, emerging risks, and actionable recommendations related to control deficiencies and remediation progress.
Support governance processes related to cyber risk, control management, audit findings, and regulatory commitments while helping ensure remediation activities align with internal standards and regulatory expectations.
Produce and interpret metrics, dashboards, trend analyses, and management reporting related to issue inventory, remediation status, control health, and cyber hygiene.
Partner closely with Information Security, Technology, Risk, Audit, Compliance, and business teams to strengthen control effectiveness, improve remediation practices, and support audit and regulatory readiness.
Support application teams in improving cyber hygiene by enhancing control management practices, identifying remediation opportunities, and driving timely resolution of control gaps to reduce operational and security risk.