Vice President, Information Security

Cyber GRC Risk Analyst

At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world's investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.

Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance - and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary.

We're seeking a future team member for the role of Cyber GRC Risk Analyst to join our Cyber Security team. This role is located in Pittsburgh, PA.

Position Summary

The Cyber GRC Risk Analyst role is responsible for overseeing the identification, analysis, escalation, tracking, and remediation of cybersecurity and technology control risks. This position supports governance, risk, and compliance activities by ensuring control deficiencies, risk findings, and remediation actions are managed effectively, reported accurately, and resolved in a timely manner.

The role partners closely with the Cyber Security teams, Enterprise Issue Management, Engineering, Audit, Risk, Compliance, and business stakeholders to drive issue resolution, improve cyber hygiene, strengthen control effectiveness, and support audit and regulatory readiness. This position requires a strong blend of data analysis, risk management, governance discipline, and stakeholder coordination.

In this role, you'll make an impact in the following ways:

* Manage the end-to-end lifecycle of cyber and technology control issues, including intake, assessment, prioritization, escalation, tracking, remediation, validation, and closure.

* Review and analyze complex data sets to identify trends, insights, emerging risks, and actionable recommendations related to control deficiencies and remediation progress.

* Support governance processes related to cyber risk, control management, audit findings, and regulatory commitments while helping ensure remediation activities align with internal standards and regulatory expectations.

* Produce and interpret metrics, dashboards, trend analyses, and management reporting related to issue inventory, remediation status, control health, and cyber hygiene.

* Partner closely with Information Security, Technology, Risk, Audit, Compliance, and business teams to strengthen control effectiveness, improve remediation practices, and support audit and regulatory readiness.

* Support application teams in improving cyber hygiene by enhancing control management practices, identifying remediation opportunities, and driving timely resolution of control gaps to reduce operational and security risk.

To be successful in this role, we're seeking the following:

* Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Risk Management, or a related discipline, or equivalent work experience.

• Typically 5-10 years of experience Experience in Governance, Risk, and Compliance, Information Security, Technology Risk, Cybersecurity, or a related field, including issue management, control remediation, audit support, risk analysis, or compliance oversight.

* Strong analytical, problem-solving, and troubleshooting skills, with experience using business intelligence, data analysis, and reporting platforms such as SQL, DB2, Power BI, Business Objects, Qlik, Tableau, Excel, and PowerPoint.

* Knowledge of cybersecurity controls, risk management principles, issue remediation practices, and an understanding of the System Development Life Cycle and technology risk implications across development and production environments.

* Excellent written and verbal communication skills, strong time management, sound judgment, and the ability to work effectively both independently and collaboratively with technical and non-technical stakeholders.

Preferred qualifications include:

* Degree in Cybersecurity, Information Systems, Business, or a related discipline.

* Experience in the securities, banking, or financial services industry.

* Experience supporting audit, regulatory examinations, or formal remediation programs.

* Familiarity with industry control and risk frameworks such as NIST Cybersecurity Framework, NIST 800-53, Cyber Risk Institute Cyber Profile, ISO 27001, COBIT, FFIEC guidance, and PCI DSS, where applicable.

* Experience with GRC platforms, issue tracking systems, control management tools, and integrated reporting workflows that aggregate vulnerability, control, audit, and self-identified findings.

At BNY, our culture speaks for itself, check out the latest BNY news at:

BNY Newsroom

BNY LinkedIn

Here's a few of our recent awards:

• America's Most Innovative Companies, Fortune, 2025
• World's Most Admired Companies, Fortune 2025
• "Most Just Companies", Just Capital and CNBC, 2025

Our Benefits and Rewards:

BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.