Vice President, Information Security

Cyber GRC Issue Management

At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world's investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.

Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance - and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary.

We're seeking a future team member for the role of Cyber GRC Issue Management to join our Controls team. This role is in Pittsburgh, PA.

In this role, you'll make an impact in the following ways:

Position Summary

The Cyber GRC Issue Management role is responsible for overseeing the identification, analysis, escalation, tracking, and remediation of cybersecurity and technology control issues. This position supports governance, risk, and compliance activities by ensuring control deficiencies, risk findings, and remediation actions are managed effectively, reported accurately, and resolved in a timely manner.

The role partners closely with Information Security, Enterprise Control Management, Technology, Audit, Risk, Compliance, and business stakeholders to drive issue resolution, improve cyber hygiene, strengthen control effectiveness, and support audit and regulatory readiness. This position requires a strong blend of data analysis, risk management, governance discipline, and stakeholder coordination.

Key Responsibilities

Issue Management and Risk Oversight

• Manage the end-to-end lifecycle of cyber and technology control issues, including intake, assessment, prioritization, escalation, tracking, remediation, validation, and closure.
• Review and analyze complex data sets to identify trends, insights, emerging risks, and actionable recommendations related to control deficiencies and remediation progress.
• Recommend risk mitigation strategies and courses of action in coordination with Information Security and Enterprise Control Management stakeholders.
• Escalate high-risk issues, delayed remediation activity, and significant change-related risk items for appropriate risk treatment and governance review.
• Identify operational roadblocks and control gaps that may hinder timely remediation and help drive countermeasures and corrective actions.

Governance, Compliance, and Regulatory Support

• Support governance processes related to cyber risk, control management, audit findings, and regulatory commitments.
• Help ensure control remediation activities are aligned to internal standards, policy expectations, and external regulatory obligations.
• Contribute to audit readiness by maintaining clear issue documentation, remediation evidence, status reporting, and closure support.
• Partner with control owners and stakeholders to ensure remediation plans are sustainable, measurable, and appropriately documented.

Data Analysis and Reporting

• Produce and interpret metrics, dashboards, trend analyses, and management reporting related to issue inventory, remediation status, control health, and cyber hygiene.
• Consolidate automated and self-identified findings into a cohesive issue management and reporting framework.
• Use business intelligence and reporting tools to support analysis, executive reporting, and decision-making.
• Provide direction and guidance on reports and analyses to ensure recommendations align with business needs, risk priorities, and organizational capabilities.

Collaboration and Advisory Support

• Work closely with Information Security, Technology, Risk, Audit, Compliance, and business teams in a collaborative and results-oriented manner.
• Provide professional support and consultative guidance on major components of the organization's information security and control environment.
• Partner with other IT and business areas to improve issue management practices, control completeness, and remediation effectiveness.
• Contribute to the achievement of team and organizational objectives through proactive risk management and strong stakeholder engagement.

Required Qualifications

• Bachelor's degree in computer science, Cybersecurity, Information Systems, Risk Management, or a related discipline, or equivalent work experience.
• 6-10 years of experience in Cybersecurity and Information Systems.
• Experience in Governance, Risk, and Compliance, Information Security, Technology Risk, Cybersecurity, or a related field.
• Strong experience in issue management, control remediation, audit support, risk analysis, or compliance oversight.
• Strong analytical, problem-solving, and troubleshooting skills.
• Experience working with business intelligence, data analysis, and reporting platforms such as SQL, DB2, Power BI, Business Objects, Qlik, Tableau, Excel, and PowerPoint.
• Working knowledge of logical and physical database concepts and data structures.
• Knowledge of cybersecurity controls, risk management principles, and issue remediation practices.
• Understanding of the System Development Life Cycle (SDLC) and technology risk implications across the development and production lifecycle.
• Excellent written and verbal communication skills, including the ability to communicate clearly to both technical and non-technical stakeholders.
• Strong time management, independent judgment, and decision-making capabilities.
• Self-motivated, detail-oriented, and able to work effectively both independently and as part of a team.

Preferred Qualifications

• Degree in Cybersecurity, Information Systems, Business, or a related discipline.
• Experience in the securities, banking, or financial services industry.
• Experience supporting audit, regulatory examinations, or formal remediation programs.
• Familiarity with industry control and risk frameworks such as:
  
  
  
  • NIST Cybersecurity Framework
  • NIST 800-53
  • Cyber Risk Institute Cyber Profile
  • ISO 27001
  • COBIT
  • FFIEC guidance
  • PCI DSS, where applicable
  
  
• Experience with GRC platforms, issue tracking systems, and control management tools.
• Experience aggregating vulnerability, control, audit, and self-identified findings into integrated reporting and remediation workflows.

At BNY, our culture speaks for itself, check out the latest BNY news at:

BNY Newsroom

BNY LinkedIn

Here's a few of our recent awards:

• America's Most Innovative Companies, Fortune, 2025
• World's Most Admired Companies, Fortune 2025
• "Most Just Companies", Just Capital and CNBC, 2025

Our Benefits and Rewards:

BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.