Head of Information Risk for Investment Management
BNY Mellon Investment Management is one of the world’s largest investment firms. We believe that the right results begin by being relevant to every client, whether that is engaging the way they want, offering diversified strategies, or providing advice and quality insights for better informed decisions.
That is why we have designed a model that is built around investors’ needs to offer the best of both worlds: bringing together world-class investment firms with best of breed talent and unique cultures combined with the global scale and strength of BNY Mellon Investment Management. Situated in more than 35 countries around the world, we connect investors with opportunities across every major asset. Today, we have eight investment management firms in our stable: Alcentra, ARX, Dreyfus Cash Investment Strategies, Insight, Mellon, Newton, Siguler Guff and Walter Scott.
The Head of Information Risk is a global leadership role based in NYC reporting to the Chief Administrative Officer of BNY Mellon Investment Management. This is a business risk function accountable for oversight of the Information Risk & Cyber Security areas across Investment Management lines of business. This role will manage a global team of direct and matrixed reporting.
• Leads all aspects of the Information Risk function related to risk, control and compliance matters across a business/business partner area and/or across multiple business partner areas and/or regions.
• Provides leadership directly to senior information risk managers to drive implementation and monitoring of all information risk policies and management processes to effectively mitigate risk.
• Manages the performance of senior information risk managers.
• Sets specialty priorities and allocates resources to align with business priorities across the organization.
• Develops control and risk management concepts including risk tolerance and policy.
• Prepares and delivers performance reporting.
• Recognized within the business and across the industry as a leader in addressing information risk related matters and developing policy.
• Serves as an escalation point for severe information risk management issues or roadblocks. Shepherds issues through to resolution.
• Develops procedures for consultation on organizational information risk management issues and management of problems.
• Guides senior business managers and senior information risk managers and partners with functional leaders.
• Uses long-standing relationships with global and regional leaders to effectively communicate information risk matters.
• Provides extensive subject matter expertise and industry experience to quantify Information Technology Service Provider risk exposures within the business and to guide senior information risk managers and ensure their adherence to policies, procedures and guidelines.
• Establishes risk control techniques that are aligned with business objectives.
• Accountable for all aspects of the Information Risk function's performance.
• Establishes the strategic information risk management program and leads corporate risk prioritization.
• Leads the implementation of organizational risk strategy and ensures the appropriate level of information risk awareness among senior and corporate management throughout the organization.
• Builds and sustains a risk-aware culture among all employees, contractors and service providers across the business environment or multiple business lines and regions supported. Manages only the most complex global priorities.
• Makes decisions, leads consensus building and manages a global virtual organization that balances risks and controls global initiatives.
• Builds and maintains the appropriate governance to ensure the business(es) or business partner head(s) are aware of information risks and driving the mitigation of determined risks.
• Leads the information risk team in identifying risk mitigation opportunities.
• Reviews risks identified by more junior team members and approves or corrects proposed mitigation methods.
• Understands specific risks that exist within the assigned area and how these risks may be addressed through understanding of control and risk management concepts including risk tolerance and policy.
• Ensures compliance with the Corporate Information Protection Policy defined by the Bank across business units, operations and technology.
• Liaises with senior legal compliance staff in relation to regulatory matters. Measures compliance across the business area.
• Directly influences senior business managers into compliance with security mandates.
• Appropriately represents compliance with policies and standards to executive management, internal and external auditors and senior regulatory officials from multiple jurisdictions and countries.
• Reviews reports on team metrics results and makes team adjustments as needed to align performance with functional objectives.
• Coaches and guides senior managers on improving the execution of the highly complicated information risk management activities and achievement of multi-faceted goals.
• Manages development and talent management processes for more senior managers.
• Coaches and counsels senior managers and manages succession planning for the function.
• Directly manages more senior managers and ensures their focus on functional objectives.
• Responsible for the achievement of goals and objectives. Provides guidance to senior risk managers. Completion of tasks affects organizational achievement of objectives.
• Bachelor's degree or the equivalent combination of education and experience is required.
• 15 plus years of total work experience with at least 5-7 years in management preferred.
• Experience in risk, compliance, audit and financial services is preferred.
• Investment Management industry experience is desirable.
• Certified Information Security Management (CISM) or Certified Information Systems Auditor (CISA) security certification is preferred.