Principal IT Risk Analyst

The Bank Of New York Mellon,
Manchester, Greater Manchester

Overview

Job Description

Overview of BNY Mellon

BNY Mellon is a global financial services company focused on helping clients manage and service their financial assets, operating in 35 countries and serving more than 100 markets. BNY Mellon is a leading provider of financial services for institutions, corporations and high-net-worth individuals, providing asset management and wealth management, asset servicing, issuer services, clearing services and treasury services through a worldwide client-focused team.

Job Purpose

As part of BNY Mellon's "first line of defence" and working within the EMEA Technology Governance group, the role holder will provide critical support to local, regional and global initiatives. In collaboration with a globally dispersed team of technical, business and operational experts, they will identify, analyse, monitor and minimise highly complex areas of risk that pertain to Information Technology. The role holder will play a key role in the governance and oversight of Information Technology services outsourced by BNY Mellon affiliate legal entities to the US parent company.

Key Responsibilities

- Supervises a small team of IT Risk Analysts, providing local leadership and support.
- Leads complex projects that involve working with stakeholders across the businesses to design, implement and improve controls that mitigate deficiencies:
  o Provides high-value input into the analysis and documenting of complex risks and issues.
  o Presents observations, findings and recommendations to multiple stakeholders including senior management.
- Ensures that processes and controls meet regulatory and organisation standards:
  o Prepares materials, including documents, data and presentations, as necessary to support the team in providing effective governance and oversight of outsourced Information Technology services.
  o Recommends and guides any resulting change needed to mitigate risk.
- Interprets the rationale, logic and data behind management information provided to and prepared by EMEA Technology Governance:
  o Undertakes analysis of large, complex data sets and presents results in forms appropriate to target audiences.
  o Questions management information where it indicates non-compliance with policy, process, standards or regulation.
- Remains aware of technology, industry and market trends to determine potential risks to the organisation.
- Performs business, technical and process analysis including solution design, specification writing and testing.

Requirements

This role may suit applicants coming from risk, compliance and audit backgrounds. The role holder must have excellent verbal and written communication skills including a talent for expressing complex problems and solutions in a manner suited to a variety of audiences, including those with limited understanding of Information Technology terms and concepts. They will possess excellent organisational ability, be self-motivated and effective in prioritising multiple tasks in a busy and dynamic environment. The successful applicant will be flexible, curious and possess a can-do attitude. They will be comfortable engaging and questioning colleagues from all areas and at all levels of the organisation. A high level of productivity working within an unsupervised, matrix reporting environment is vital.

Essential Skills and Experience

- An extensive background in Risk Management, Compliance / Regulatory or Audit, ideally gained in either a Technology or Financial Services environment.
- Experience in business, technical or process analysis and a solid understanding of information technology.
- Strong data analytics skills and the ability to work with large, complex data sets.
- Extensive experience with Microsoft Excel, including pivot tables, charting and complex functions.
- Experience with Microsoft PowerPoint and the ability to present complex data in a clear and concise manner.

Advantageous Skills and Experience

- Awareness of relevant regulatory frameworks and legislation, including:
  o UK Senior Managers & Certification Regime (SMCR)
  o Client Assets Sourcebook (CASS)
  o EBA Guidelines on Outsourcing
  o EBA Guidelines on Information & Communication Technology and Security Risk Management