Overview
On Site
USD 275,000.00 - 300,000.00 per year
Full Time
Skills
ERM
IT Risk Management
IT Risk
Regulatory Compliance
Collaboration
.NET
Decision-making
Management
Recovery
Intelligence Analysis
TAO
Computer Hardware
Risk Management
Due Diligence
Continuous Monitoring
Incident Management
Risk Analysis
Articulate
Leadership
Communication
Cyber Security
NIS
SEC
Supply Chain Management
Financial Services
Sustainability
Bloomberg
FOCUS
Finance
Market Analysis
SAP BASIS
Job Details
At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world's financial system, we touch nearly 20% of the world's investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities, and people everywhere. This is what #LifeAtBNY is all about.
We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world.
We are seeking a future team member for the role of Senior Director, Nation-State Cyber Supply Chain Risk to join our Technology Risk Management team. This executive role is responsible for identifying, assessing, and mitigating cyber risks to BNY's supply chain posed by advanced persistent threats (APTs) and hostile nation states. The role ensures these risks are integrated into the firm's broader enterprise risk management (ERM) framework. The role includes strategic oversight and operational execution of cybersecurity risk management related to nation-state threats and third-party supply chain vulnerabilities. This leader will be instrumental in shaping and executing our cyber defense strategy across critical third-party and fourth-party ecosystems, with a particular emphasis on geopolitical threat actors and systemic vulnerabilities in the financial services supply chain. The position reports to the Chief Technology Risk Officer and requires cross-functional collaboration with technology, legal, compliance, and business units.
This exciting role entails one thing: systematically assessing BNY's third-party ecosystem, technologies, controls, and dependencies for readiness to withstand threats from nation-state cyber actors. Activities include, but would not be limited to:
- Collaborate with business lines to identify critical supply chain dependencies and potential targets of nation-state actors.
- Analyze how nation-state actors might exploit third-party vendors, software supply chains, or hardware dependencies to compromise BNY.
- Assess how supply chain operations can support, accelerate, or advance on-net operations.
- Rigorously assess and determine the firm's ability to detect, prevent, and respond to supply chain-focused nation-state capabilities.
- Develop a comprehensive risk posture for each business line based on supply chain exposure to nation-state threats.
- Recommend strategic and tactical mitigation options, including vendor risk management enhancements, with clear risk-reduction tradeoffs.
- Communicate findings to executive leadership and support informed risk decision-making.
- Provide oversight and challenge to remediation efforts across the supply chain risk landscape.
- Design and lead our cyber supply chain risk management program, with a focus on nation-state threat vectors, geopolitical risk, and critical third-party dependencies.
- Oversee cybersecurity due diligence and continuous monitoring of third-party vendors, particularly those in critical infrastructure or high-risk geographies.
- Lead planning and simulation exercises for supply chain-related cyber incidents, ensuring rapid containment, recovery, and integration of lessons learned.
To be successful in this role, we're seeking the following:
- At least 10 years of experience in offensive cyber operations or intelligence analysis at the NSA (preferably TAO/CNO), CIA (preferably DDI/COG), or equivalent roles within the Five Eyes intelligence community, with a focus on supply chain exploitation or defense.
- Alternatively, experience with the British Secret Intelligence Service, the UK Government Communications Headquarters (GCHQ), or equivalent services from the Five Eyes community of nations in the cyber mission will also be considered.
- Deep expertise in nation-state and APT threat landscapes, particularly in tactics, techniques, and procedures (TTPs) used to compromise third-party vendors, software/hardware supply chains, and systemic infrastructure.
- Proven experience in third-party risk management, vendor due diligence, and continuous monitoring of cyber risks across complex supply chain ecosystems.
- Strong background in intelligence integration, incident response, and geopolitical risk analysis as it relates to supply chain resilience.
- Relentless, energetic curiosity and a passion for attacking and solving complex technical problems.
- Ability to clearly articulate the nature of, and solution to, technical problems to non-technical senior leadership.
- Exceptional communication skills, with the ability to translate complex technical risks into actionable insights for senior business and risk leaders.
- Financial services experience is welcome, but not critical.
- Familiarity with global cybersecurity regulations (e.g., NYDFS, DORA, NIS2, SEC rules) related to third-party and supply chain risk.
At BNY, our culture speaks for itself. Here are a few of our awards:
- America's Most Innovative Companies, Fortune, 2024.
- World's Most Admired Companies, Fortune, 2024.
- Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024.
- Best Places to Work for Disability Inclusion, Disability:IN, 100% score, 2023-2024.
- "Most Just Companies", Just Capital and CNBC, 2024.
- Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024.
- Bloomberg's Gender Equality Index (GEI), 2023.
Our Benefits and Rewards:
BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.
BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.
BNY assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $275,000 and $300,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNY total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs.
This position is at-will and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance, and market factors.