Senior Information Compliance Specialist

BNY Mellon•Washington, WA

4d•$104,000 - $253,000

About The Position

Senior Information Compliance Specialist At BNY, our culture allows us to run our company better and enables employees’ growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide. Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary. We’re seeking a future team member for the role of Senior Information Compliance Specialist to join our Information Security Division – Business Information Security Office. This role is located in Washington, DC, Lake Mary, FL In this role, you’ll make an impact in the following ways: Possess deep understanding of the FedRamp High and National Institute of Standards and Technology (NIST) Risk Management Framework and supporting legislation such as the Federal Information System Modernization Act of 2014 (FISMA). Develop and maintain comprehensive security documentation required by FedRamp, including conductive frequent reviews and updates for continued accuracy. Ensures internal controls related to information risk management are effective and drive the review of continued compliance to FedRamp High requirements. Lead the Authority to Operate (ATO) processes for information systems. Demonstrate a breadth of knowledge of information risk management best practices and a thorough understanding of control and risk management concepts. Perform security control assessments, including establishing metrics and measures to assess security control effectiveness, and provide recommendations for any areas of improvement. Serve as the primary point of contact for all inquiries pertaining to audits, security documentation, and control compliance. Displays the ability to collaborate with team members (technical and non-technical) to ensure issues are addressed and relevant technical risk information is collected. Provide briefings on the ATO status, audit findings and remediations, and current control gaps. Contribute to reducing the likelihood of negative reputational and regulatory due to non-compliance with the Bank's information risk management policies and standards, including local procedures specific to the assigned business/business partner areas. Identify and assess potential threats and vulnerabilities. Prepare and coordinate the evidence required for audits, including responding to any audit findings.

Requirements

Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
10+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus
Demonstrate deep understanding of FISMA requirements and NIST special publications (800-53, 800-37, 800-171).
Excellent decision-making skills, moral/ethical standards, teamwork/collaboration, multitasking, and attention to detail.
Exceptional organization and process management skills.
Strong knowledge of the Risk Management Framework (RMF).
Proficiency in M365 applications.

Nice To Haves

Experience with federal compliance preferred.
Demonstrated experience managing or executing successful ATO processes preferred.
Certified Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA) security certification preferred.

Responsibilities

Develop and maintain comprehensive security documentation required by FedRamp, including conductive frequent reviews and updates for continued accuracy.
Ensures internal controls related to information risk management are effective and drive the review of continued compliance to FedRamp High requirements.
Lead the Authority to Operate (ATO) processes for information systems.
Perform security control assessments, including establishing metrics and measures to assess security control effectiveness, and provide recommendations for any areas of improvement.
Serve as the primary point of contact for all inquiries pertaining to audits, security documentation, and control compliance.
Provide briefings on the ATO status, audit findings and remediations, and current control gaps.
Contribute to reducing the likelihood of negative reputational and regulatory due to non-compliance with the Bank's information risk management policies and standards, including local procedures specific to the assigned business/business partner areas.
Identify and assess potential threats and vulnerabilities.
Prepare and coordinate the evidence required for audits, including responding to any audit findings.

Benefits

BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy.
We provide access to flexible global resources and tools for your life’s journey.
Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume