Vice President, Information Security

BNY Mellon•Pittsburgh, PA

1d•Onsite

About The Position

The Cyber GRC Issue Management role is responsible for overseeing the identification, analysis, escalation, tracking, and remediation of cybersecurity and technology control issues. This position supports governance, risk, and compliance activities by ensuring control deficiencies, risk findings, and remediation actions are managed effectively, reported accurately, and resolved in a timely manner. The role partners closely with Information Security, Enterprise Control Management, Technology, Audit, Risk, Compliance, and business stakeholders to drive issue resolution, improve cyber hygiene, strengthen control effectiveness, and support audit and regulatory readiness. This position requires a strong blend of data analysis, risk management, governance discipline, and stakeholder coordination.

Requirements

Bachelor’s degree in computer science, Cybersecurity, Information Systems, Risk Management, or a related discipline, or equivalent work experience.
6-10 years of experience in Cybersecurity and Information Systems.
Experience in Governance, Risk, and Compliance, Information Security, Technology Risk, Cybersecurity, or a related field.
Strong experience in issue management, control remediation, audit support, risk analysis, or compliance oversight.
Strong analytical, problem-solving, and troubleshooting skills.
Experience working with business intelligence, data analysis, and reporting platforms such as SQL, DB2, Power BI, Business Objects, Qlik, Tableau, Excel, and PowerPoint.
Working knowledge of logical and physical database concepts and data structures.
Knowledge of cybersecurity controls, risk management principles, and issue remediation practices.
Understanding of the System Development Life Cycle (SDLC) and technology risk implications across the development and production lifecycle.
Excellent written and verbal communication skills, including the ability to communicate clearly to both technical and non-technical stakeholders.
Strong time management, independent judgment, and decision-making capabilities.
Self-motivated, detail-oriented, and able to work effectively both independently and as part of a team.

Nice To Haves

Degree in Cybersecurity, Information Systems, Business, or a related discipline.
Experience in the securities, banking, or financial services industry.
Experience supporting audit, regulatory examinations, or formal remediation programs.
Familiarity with industry control and risk frameworks such as: NIST Cybersecurity Framework, NIST 800-53, Cyber Risk Institute Cyber Profile, ISO 27001, COBIT, FFIEC guidance, PCI DSS, where applicable
Experience with GRC platforms, issue tracking systems, and control management tools.
Experience aggregating vulnerability, control, audit, and self-identified findings into integrated reporting and remediation workflows.

Responsibilities

Manage the end-to-end lifecycle of cyber and technology control issues, including intake, assessment, prioritization, escalation, tracking, remediation, validation, and closure.
Review and analyze complex data sets to identify trends, insights, emerging risks, and actionable recommendations related to control deficiencies and remediation progress.
Recommend risk mitigation strategies and courses of action in coordination with Information Security and Enterprise Control Management stakeholders.
Escalate high-risk issues, delayed remediation activity, and significant change-related risk items for appropriate risk treatment and governance review.
Identify operational roadblocks and control gaps that may hinder timely remediation and help drive countermeasures and corrective actions.
Support governance processes related to cyber risk, control management, audit findings, and regulatory commitments.
Help ensure control remediation activities are aligned to internal standards, policy expectations, and external regulatory obligations.
Contribute to audit readiness by maintaining clear issue documentation, remediation evidence, status reporting, and closure support.
Partner with control owners and stakeholders to ensure remediation plans are sustainable, measurable, and appropriately documented.
Produce and interpret metrics, dashboards, trend analyses, and management reporting related to issue inventory, remediation status, control health, and cyber hygiene.
Consolidate automated and self-identified findings into a cohesive issue management and reporting framework.
Use business intelligence and reporting tools to support analysis, executive reporting, and decision-making.
Provide direction and guidance on reports and analyses to ensure recommendations align with business needs, risk priorities, and organizational capabilities.
Work closely with Information Security, Technology, Risk, Audit, Compliance, and business teams in a collaborative and results-oriented manner.
Provide professional support and consultative guidance on major components of the organization’s information security and control environment.
Partner with other IT and business areas to improve issue management practices, control completeness, and remediation effectiveness.
Contribute to the achievement of team and organizational objectives through proactive risk management and strong stakeholder engagement.