Information Risk Officer

Location
London
Job Type
Permanent
Posted
28 Jul 2022

Job Purpose

Newton contributes to, and adheres to, BNYM centrally maintained policies and procedures covering all aspects of Cybersecurity. The Information Risk Officer (IRO) oversees, monitors, and reports on all areas that relate to technology controls and information risk activities. In addition, the IRO acts as a liaison between the Newton business and central BNYM control functions to ensure risks are minimised and controls are well understood by our business. The IRO role continually evolves as new risks are identified or the way in which we can present them is enhanced. This individual manages individuals in India and the US. There are high levels of interaction with Newton's Development team and business areas.

Key Responsibilities

  • Deputise for Newton's SIRO, attending and presenting at Client Due Diligence meetings. Where required, present the Info/Tech Risk report at Risk committees. Deal with escalations and breaches, interacting with various control functions across BNYM.
  • Construction of Information Risk Dashboards for NIM and NIMNA, feeding into the respective Newton Risk and Operating Committees. Responsible for all content and accuracy of reporting, coordinating the collection of data across Newton and BNY Mellon as appropriate. Have a clear understanding of, and be able to support, all reported information. Continually question the value of included information and look to incorporate complementary statistics as appropriate.
  • Manage the Information Risk team with individuals in the US and India, allocating work as appropriate, overseeing and assuring quality, motivating and encouraging staff. Provide performance updates regularly and formally at the mid-year and end of year points.
  • Oversee and report on the resolution of system vulnerabilities, providing trend analysis and explanations where SLAs have been breached.
  • Manage Newton Policy Exceptions. The IRO needs to have a thorough technical and business understanding before Exceptions are submitted. Following submission, the IRO will be called upon by BNYM Technology Tower leads to justify the requirement and provide information on Newton's plans for resolution with accompanying timescales.
  • Perform analysis to identify Newton Ethical Hack issues. Work with Product Teams to track, justify, remediate and report, raising exceptions where absolutely necessary.
  • Email Surveillance - BNYM Tools: Understand the BNYM DLP programme, its aims and its impact on the Newton business. Help the Newton Business to cope with the implementation of new controls, showing them how to ensure their content is protected. Be the liaison between the Newton Business and the DLP Operations function, providing rationale for quarantined emails. Arrange DLP exceptions where absolutely required, being ready to report on these centrally and justify their creation.
  • Email Surveillance - eCommerce "Smarsh" Tool: Look to understand the surveillance rules Newton is screened against and, as an escalation point, be ready to perform investigations, talking to business staff about content they have sent or shared. Where appropriate, escalate to line manager, SIRO, Compliance or HR. Always document within Smarsh the actions you have taken.
  • Perform cyber induction training for Newton's new starters, explaining the control environment, how staff should work and where they are able to get help.
  • Communications: Draft informative communications explaining to staff where BNYM ISD controls are changing, and the impact on business functions.
  • Manage Newton's UDT (User Defined Technologies) catalogue, ensuring information on the central BNYM portal is accurate. Coordinate with the Newton Business to ensure all BNYM-specified UDT controls are met, in concert with the appropriate business representative.
  • Interact with Newton Compliance, justifying how Information Risk data reconciles to central dashboards and providing sufficient information to enable Compliance to speak to this at senior meetings. Complete monthly KRIs and submit them to Compliance.
  • Identity & Access Management. The IRO is responsible for ensuring access attestations for Newton systems are performed either via the central SailPoint automated tool or manually by the Information Risk team. Where attestations are centralised, the IRO must ensure Newton SAA (System Access Approvers) perform their attestations on time to prevent access revocations. Where access controls are performed manually, the process must be performed to the highest quality, open to scrutiny from both internal and external audit.
  • ISAE3402: Work to ensure declared controls are accurate and then, during the KPMG audit, provide supporting information for a random sample. Review any findings, rejecting them with evidence as appropriate.
  • Construction of Level 1 Information Risk Policies where the BNY Mellon policies are inadequate for Newton.
  • Growth and Interest: Look to learn about Information Risk, bringing new ideas to the team and looking to improve the overall team offering.
  • Use JIRA and Confluence to document and manage all change, enabling transparency and oversight from other areas.

Experience and qualifications required:

  • Management of a geographically split team (India and US), including a demonstrable ability to mentor staff
  • Knowledge of Data Life Cycle, Data Classification, Obfuscation, Authentication, Authorisation, Encryption, Identity and Access Management (IAM)
  • Experience / appreciation of Technology Risks (KRIs, EOL, Vulnerabilities, etc.)
  • Comfortable presenting to staff or clients
  • Operational Risk or Compliance second-line background, with an eye for detail and thoroughness
  • Committee / stakeholder management
  • Experience of Cyber Assessments, NIST and domains
  • Cyber qualification - desirable but not essential
Details

  • Job Reference: 670333520-2
  • Date Posted: 28 July 2022
  • Recruiter: BNY Mellon
  • Location: London
  • Salary: On Application
  • Sector: Sales & Marketing
  • Job Type: Permanent