BNY Mellon Data and Analytics Solutions is a public- and private-cloud-based software and content offering that builds client-centric data, technology, and content capabilities.
Operating with the skill and agility of a fintech, Data and Analytics Solutions combines the expertise and resources of the Eagle product suite, Intermediary Analytics, and other BNY Mellon technology and data assets. Moreover, the division further extends BNY Mellon's Asset Servicing capabilities in securities and cash into the world's most important asset class, data.
Data and Analytics Solutions helps firms to analyze their data from different vantage points and transform it into actions that can achieve higher alpha and cheaper beta, with lower costs and less risk. Offering an ecosystem of proprietary and third-party business applications, Data and Analytics Solutions helps firms manage their core investment processes and beyond.
The Cloud Governance and Risk Analyst is a member of the Data & Analytics Solutions ("D&A") Governance & Controls team. The team is responsible for 1st line risk oversight of the D&A line of business. The team's mission is to enhance the overall governance, risk and compliance ("GRC") program for a multi-product, multi-cloud technology environment, ensuring that a risk framework is properly implemented, maintained and communicated, that appropriate controls are effectively designed, implemented, and operated, and that the D&A risk profile is monitored and reported to risk stakeholders.
The position requires a solid understanding of the principles of Cloud risk management, Cloud controls design, implementation, monitoring and testing, with demonstrable experience of SOC1 and SOC2, and the NIST SP800 series, in particular SP800-53. The candidate should also possess excellent collaborative and problem-solving skills and an ability to explain risk and control concepts clearly and concisely to teams and individuals across various business and technology functions.
Drive the review and assessment of all relevant enterprise policies, standards, and procedures, identifying those relevant to the line of business and extracting and translating discrete requirements
Support the ongoing identification and implementation of control environments appropriate to our multi-product, multi-Cloud operations
Assist in the translation of control objectives into control implementation statements and associated executable work items for Agile teams across the CI/CD pipeline
Support the transition to continuous Cloud control monitoring, testing and measurement
Manage and maintain documentation library for all risk-related processes and procedures
Maintain regular, manual governance and control reporting for stakeholders; support the transition to self-service reporting
Assist with internal and external audits, client assessments and responding to RFPs
Contribute subject matter expertise to content required for regular risk management communications, training and awareness activities
Supports Risk Framework practices and Uses in-depth knowledge of information technology, risk and control frameworks, risk and control theory and practice, and controls implementation and assessment to determine potential risks to the organization. Supports analysis and draws conclusions in order to recommend and direct any resulting change needed to mitigate risk. Responsible for implementing risk framework and identifying, analyzing, monitoring, reporting, and minimizing information technology risks. Consult and advise on all technology risk matters. Supports related risk programs: audit response, regulatory inquiry and response, etc. Manages complex projects that involve working with the businesses to improve controls to mitigate any deficiencies. Strong written and verbal communication. Communications and organization skills; team work skills. Ability to work independently or with a team. Experience in the securities or financial services industry is a plus. CISA, CISSP or CRISC and ISACA certifications preferred. N/A. Contributes to the achievement of related teams' objectives.
Bachelor's degree or equivalent combination of education and work experience required.5-7 years of total work experience preferred.
A solid understanding of Public Cloud fundamentals, certifications are a plus
Basic understanding and awareness of Cloud DevOps environments, a.k.a. Continuous Integration (CI)/Continuous Deployment (CD) pipeline
Experience with native security and compliance features in Cloud environments, e.g., Azure, AWS
Experience working in and using Public Cloud environments
Competence in the use of Atlassian Confluence and JIRA platforms
Previous experience working in control monitoring and testing automation
Familiarity with industry standard DevOps tools and techniques
Strong analytical, organizational, and project management skills
Strong oral and written communication skills and problem-solving skills
Ability to communicate compliance requirements to personnel at all levels of experience and responsibility
A results-oriented self-starter that has the ability to work in a fast paced, dynamic environment, often with minimal direction
Attention to detail and priority/time management
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
Primary Location: United States-Massachusetts-Wellesley Internal Jobcode: 96427 Job: Information Technology Organization: Technology Services Group-HR06725 Requisition Number: 2104936