Group Manager Information Security – Threat Detection

BNY Mellon
September 16, 2019
New York City, New York
Job Type
Apply on Website
Page Views


Job Description

As a global investments company, BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. Every day, our Technology employees make this happen while also seeking out new ways to do it more efficiently and effectively.

As part of BNY Mellon’s global Technology organization, you’ll have the opportunity to engage with some of the best and brightest, technology, business, and financial minds to find new and better ways to exceed our clients’ expectations and build the future of financial services. With more than 230 years of industry leading experience under our belts, you might even say that we are the original fintech.

At BNY Mellon, cybersecurity is a top priority for both technology and the business. The members of the Information Security Division are on constant alert, using their creativity and knowledge of cybersecurity, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security).  Together with the CISO and his leadership team, staff provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise.  We help our businesses, the bank’s executive team, and our board of directors understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation.

Group Manager, Information Security->> Manages a medium to large-sized or multiple small teams responsible for organization data protection. Oversees CTS security architecture, security monitoring and auditing, incident reporting/response and forensics. Leads and oversees information security projects and resourcing. Liaises with business process owners to ensure ongoing alignment.

Responsible for the development and delivery of CTS security and/or COB standards to ensure information system security across the business. Directs the monitoring of the utilization and effectiveness of security resources. Develops and implements processes and methods for auditing and addressing non-compliance and information security and/or COB standards. Provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.

Monitors budgets and schedules for projects conducted by teams and ensures they are completed in a timely manner. Recruits, directs, motivates and develops staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team. Manages one or more information security teams.

Contributes to the achievement of team objectives.

Position overview:

As a manager of the Threat Detection team, you will be responsible for defining and tackling complex cyber security problems from strategy to execution.  You will need to assess the current visibility and detection in the organization against current adversary tools and techniques.  Gaps must be prioritized and progress against those gaps tracked and managed.  This role is responsible for developing and proposing new practices, techniques, and technologies to address threat.  This role enables the threat intelligence and response teams to be successful, requiring strong collaboration and internal team relationship building.  In addition to strategic and tactical execution, you will need to build and maintain a pipeline of talent to ensure the team is continually staffed with high quality threat detection engineers.

This is a challenging and rewarding position that provides an opportunity to set the direction of a team of threat detection engineers to develop cutting edge techniques and technologies in pursuit of a vital mission that protects people, sensitive information/intellectual property and the security posture of the bank.

Key responsibilities and deliverables:

  • Responsible for developing a roadmap for current and future work to prioritize improvements in BNYM’s visibility and detection, given current state and anticipated threat actor activity.
  • Lead a team of high-performing security engineers developing solutions to aggressively close visibility and detection gaps, delivering high quality detection analytics.
  • Lead proactive detection and recommend security hardening.
  • Engage in ongoing research in security tools, techniques, and procedures, as well as advance Threat Detection initiatives based on aggressive security principals, machine learning algorithms, and threat mitigation techniques.

  • Develop and report on actionable metrics that help measure the effectiveness of the team and provide direction for improvement.

  • Collaborate with Threat detection team, Insider Threat team, Operations and other stakeholders to develop innovative detection capabilities through automation and advanced analytical techniques.

  • Provide subject matter expertise to teams across the company, helping them make informed, risk-based decisions.
  • Train, coach, and supervise staff.
  • Build and maintain a pipeline of technical talent.



  • Experience in threat detection, forensics, incident response, threat intelligence or a related field.  Ideally, multiple years of experience actively detecting and responding to attacks.

  • Experience recruiting and leading technical teams, including performance management.

  • Master’s degree preferred.  Background in Computer Science and business administration is ideal.

  • Any of the following certifications, equivalent training, or experience is a plus:

    • Host forensics: e.g. GCFA, GCFE, GCIH, EnCE

    • Malware Analysis: e.g. GREM

    • Network Forensics: e.g. GNFA

    • Penetration testing: e.g. GPEN, GWAPT, GXPN, OSCP

  • Demonstrable competency with InfoSec fundamentals including Lockheed Kill chain and MITRE ATT&CK-based analytics.

  • Detailed understanding and experience in attacker techniques and effective use of threat intelligence to rapidly build and deploy threat detection.

  • Fundamental understanding of InfoSec threat sharing including IoCs, artifacts, and forensic techniques.

  • Past experience with threat detection platforms like Splunk is a plus.

  • Active listening and collaborative skills with various audiences, including direct team members and executive stakeholders, in order to perform hunt and content development.

  • Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
  • 10+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.