Vice President, Technology Control Management

BNY Mellon•Pittsburgh, PA

16h•Onsite

About The Position

At BNY, our culture allows us to run our company better and enables employees’ growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide. Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary. We’re seeking a future team member for the role of Cyber GRC Risk Analyst to join our Cyber Security team. This role is located in Pittsburgh, PA. Position Summary The Vice President, Cybersecurity GRC Analyst leads the coordination and execution of cybersecurity regulatory engagements, ensuring consistent, high-quality support for regulatory compliance activities. This role is responsible for managing stakeholder engagement, evidence collection, documentation, and reporting across the regulatory lifecycle. The position also oversees the identification, assessment, escalation, tracking, and remediation of cybersecurity and technology control risks. This includes ensuring that control deficiencies, risk findings, and remediation actions are effectively governed, accurately reported, and resolved in a timely and risk-informed manner. As a key liaison across Cybersecurity, Engineering, Risk Management, Risk, Audit, Compliance, and business stakeholders, the Vice President ensures clear communication, alignment, and execution of regulatory priorities. The role requires strong expertise in cybersecurity risk management, governance practices, and financial regulatory expectations, with the ability to translate complex requirements into actionable plans and measurable outcomes.

Requirements

Demonstrates a strong work ethic and consistent high performance, with the ability to operate independently and drive optimal outcomes in a fast-paced environment.
Exhibits strong attention to detail, ensuring accuracy and quality in regulatory responses, documentation, and stakeholder interactions.
Ability to interpret regulatory requests within context and translate them into well-structured, risk-based responses that support effective cybersecurity risk management.
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Risk Management, or a related discipline, or equivalent work experience.
Typically 5–10 years of experience in Governance, Risk, and Compliance (GRC), Information Security, Technology Risk, Cybersecurity, or a related field, including experience in issue management, control remediation, audit support, risk analysis, or compliance oversight.
Strong analytical, problem-solving, and investigative skills, with experience leveraging data analysis and reporting tools such as Power BI, Business Objects, Excel, and PowerPoint to assess compliance and identify control gaps.
In-depth knowledge of cybersecurity frameworks, regulatory requirements, and risk management principles, including experience evaluating control effectiveness, managing remediation activities, and understanding the System Development Life Cycle (SDLC) with a focus on technology risk across development and production environments.
Excellent written and verbal communication skills, strong time management, sound judgment, and the ability to collaborate effectively with both technical and non-technical stakeholders.

Nice To Haves

Degree in Cybersecurity, Information Systems, Business, or a related discipline.
Experience in the securities, banking, or financial services industry.
Experience supporting audit, regulatory examinations, or formal remediation programs.
Familiarity with industry control and risk frameworks such as NIST Cybersecurity Framework, NIST 800-53, Cyber Risk Institute Cyber Profile, ISO 27001, COBIT, FFIEC guidance, and PCI DSS, where applicable.
Experience with GRC platforms, issue tracking systems, control management tools, and integrated reporting workflows that aggregate vulnerability, control, audit, and self-identified findings.

Responsibilities

Coordinate end-to-end cybersecurity regulatory engagements, including preparation, execution, and post-exam follow-up activities.
Proactively identify and engage key stakeholders and subject matter experts early in the regulatory lifecycle to ensure alignment on roles, responsibilities, and expectations, including direct interaction with senior management.
Communicate complex cybersecurity and risk topics clearly and effectively to both technical and non-technical stakeholders across the organization.
Maintain current knowledge of financial regulatory requirements and cybersecurity frameworks to anticipate audit and examination needs.
Support governance processes across cyber risk, control management, audit findings, and regulatory commitments, ensuring remediation activities are aligned with internal standards and regulatory expectations.
Contribute to the development and maintenance of job aids, procedures, and process documentation to enhance regulatory request intake, remediation workflows, and audit readiness.
Partner closely with Cybersecurity, Engineering, Risk Management, Audit, Compliance, and business teams to strengthen control effectiveness, improve remediation outcomes, and support sustained regulatory readiness.