Job Description

We're seeking a future team member for the role of Director, Wealth Technology Control Manager to join our First Line Risk and Control team. This role is in NYC, NY.

Role Overview

The Wealth Technology Control Manager is accountable for the design, effectiveness, and continuous improvement of the technology control environment across BNY's Wealth Management Engineering organization. As a senior first line leader, you will work closely with engineering, architecture, cybersecurity, Technology Risk, Compliance and Internal Audit to ensure controls are embedded throughout the Software Development Lifecycle (SDLC), aligned with regulatory expectations, and supported by a culture of ownership and continuous improvement. You will provide clear, evidence based narratives to senior stakeholders, shaping the overall risk posture of Wealth Engineering and ensuring the control environment supports secure and resilient client experiences.

Role Responsibilities

• Partner with product and platform owners, architects, cybersecurity and engineering teams to perform detailed risk assessments. Quantify technology risks and communicate clear findings and recommendations to governance forums.
• Assess and manage technology risks across platforms, applications, data, cloud services and third party integrations. Identify emerging threats, evaluate their potential impact and define robust mitigation strategies.
• Interpret and enforce BNY policies, standards and regulatory requirements. Maintain an informed understanding of Wealth Engineering's architecture, operating model and cloud design principles to ensure correct control application and alignment.
• Construct, maintain and narrate technology control dashboards and key indicators for Wealth Engineering. Present concise insights and risk themes to senior leadership and governance committees.
• Produce the quarterly Technology Risk and Control Assessment for Wealth Engineering. Provide a comprehensive view of risk posture, control effectiveness, resilience performance and alignment to enterprise and regulatory frameworks.
• Prioritize remediation of known risks, audit findings and control gaps. Ensure engineering teams perform thorough root cause analysis and implement changes that strengthen long term control effectiveness.
• Provide SME guidance on control design across SDLC, DevSecOps, identity and access management, secrets management, cloud security, vulnerability management, configuration management and operational resilience. Strengthen risk awareness across engineering teams.
• Develop and maintain metrics, KRIs, KPIs and control health reporting. Use data and trend analysis to support narratives, highlight areas of concern and guide strategic remediation activity.
• Oversee defect, vulnerability and control break management. Provide trend analysis, explain any breaches of SLA and improve structural processes to reduce recurrence and ageing items.
• Lead the issue management and policy deviation process. Clearly articulate the control weakness, provide business and technical justification, define remediation plans and set appropriate timelines before approval.
• Oversee Identity and Access Management controls for Wealth Engineering. Ensure standard tools and processes are used for attestations, provisioning, revocation, segregation of duties and secrets governance. Escalate any deviations where effectiveness is insufficient.
• Represent Wealth Engineering in all Line 1 and Line 2 Technology Risk engagements. Demonstrate a clear understanding of the control environment and ensure alignment to enterprise expectations and regulatory standards.
• Lead major control uplift and risk reduction initiatives such as cloud control enhancements, secure SDLC improvements, resilience strengthening and control automation. Set strategy, coordinate delivery and present progress to senior governance groups.
  Experience Required
• Strong background in technology or engineering supported by a detailed understanding of modern software development, cloud native patterns and platform operations.
• A minimum of twelve to fifteen years of experience in technology risk, controls, cybersecurity or engineering leadership within a regulated financial services environment.
• Demonstrated expertise in performing and leading complex risk assessments that cover SDLC and DevSecOps practices, identity and access management, change and configuration management, vendor integrations, cloud patterns, vulnerability management and operational resilience.
• Strong understanding of regulatory standards relevant to Wealth and banking technology such as NIST CSF, ISO 27001 and ISO 27002, SOX, PCI and GDPR and the implications of these standards for modern engineering environments.
• Practical experience implementing and operating controls across cloud platforms, microservices, APIs, Kubernetes, CI/CD pipelines and secure software supply chain tooling. Strong communication skills with the ability to translate complex control concepts into clear and actionable guidance for senior stakeholders.

BNY assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $130,000 and $210,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNY total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs.
This position is at-will and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance, and market factors.