Vice President, Cyber Incident Response & Digital Forensics

BNY Mellon•New York, NY

14h•Hybrid

About The Position

At BNY, our culture allows us to run our company better and enables employees’ growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide. Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary. We’re seeking a future team member for the role of Cyber Incident Response & Digital Forensics (DFIR) to join our Cybersecurity Platform team. This role is in Washington DC, Pittsburgh, or New York.

Requirements

Govern incident response for a FedRAMP-compliant Azure environment using native Microsoft security tooling.
Bachelor’s degree in information security, Computer Science, or a related field.
6-7 years of experience.
Significant experience in digital forensics, incident response, cybersecurity operations, or a related information security function.
Experience supporting or operating within a 24x7 cyber operations center environment.
Strong hands-on experience with tools such as Splunk, Microsoft Defender, CrowdStrike, and other incident response or threat detection platforms.
Experience conducting digital forensic investigations, including memory, disk, and image analysis.
Strong ability to collect, interpret, and communicate technical incident information to diverse stakeholder groups.
Excellent verbal and written communication skills, with the ability to engage effectively with both technical and non-technical audiences.
Demonstrated ability to manage multiple priorities, adapt quickly, and work effectively under pressure.
Experience supporting enterprise information security infrastructure and contributing to security tooling optimization.
Strong analytical and problem-solving skills, with the ability to assess complex data and produce actionable recommendations.
Strong understanding of information security standards, controls, policies, and industry best practices.
Splunk certification or equivalent demonstrated expertise.
Experience contributing to security architecture and enterprise security standards in large, complex organizations.
Familiarity with continuity of business (COB) principles and related security requirements, NIST, ISO.
Previous Enterprise Cyber Incident repose in a large financial institution.
Experience addressing high-risk security concerns and supporting remediation or mitigation efforts.

Responsibilities

Support a 24x7 cyber operations center through cyber incident investigation, triage, and response activities.
Use specialized security tools including Splunk, Microsoft Defender, CrowdStrike, and other relevant technologies to support incident analysis and response.
Collect, interpret, translate, and communicate technical information from artifacts associated with an investigation & translate to executive leadership.
Conduct memory, disk, and image forensics during active investigations and triage efforts.
Communicate clearly and confidently with both technical and non-technical audiences during incidents and post-incident activities.
Provide senior-level consultation and professional support for major components of the company’s information security infrastructure, including deployment and optimization of forensics and detection tooling such as Axiom Forensics, Splunk, Microsoft Defender, and CrowdStrike.
Contribute to the development and implementation of security architecture, standards, procedures, and guidelines across multiple platforms and varied system environments.
Partner with business and operational infrastructure teams regarding new and existing technologies, recommending post-incident security improvements and supporting implementation efforts.
Review and analyze highly complex security data and information to provide meaningful insights, conclusions, and actionable recommendations.
Define, implement, and apply area-wide security and/or continuity of business policies and standards, leveraging strong knowledge of globally recognized information security principles.
Address high-risk security concerns and incidents, recommend risk mitigation actions, and support the establishment and publication of appropriate standards.
Contribute to the achievement of broader Cybersecurity Platform objectives.