At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world's investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide. Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance - and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary.

We welcome you to apply! When applying to this pipeline/general posting, our expert BNY Talent Acquisition Team may also review your resume for consideration across other open roles within the company.

We're seeking a future team member for the role of Senior Director, Head of Cyber Assessments (Pipeline) to join our Information Security team. This role can be located in New York, Pittsburgh, or Lake Mary.

In this role, you'll make an impact in the following ways:

Strategy & Vision
- Define and execute a multi-year offensive security strategy aligned to enterprise risk, threat landscape, and business priorities.
- Establish a risk-based testing portfolio and annual plan spanning application, infrastructure, cloud, OT/IoT, mobile, and third-party environments.
- Integrate threat intelligence and MITRE ATT&CK-informed adversary emulation to prioritize impactful scenarios.
Program Delivery & Operations
- Lead a high-volume, global pipeline of tests: scoping, SOWs/LOEs, scheduling, resourcing, change control, and post-engagement validation.
- Oversee control testing schedules, exam management, and timely closure of audit and regulatory issues; ensure QA/QC, independence, and separation of duties.
- Drive purple-team exercises and continuous validation (e.g., BAS) to measure control effectiveness and reduce attacker dwell time.
- Ensure high standards for methodology, reporting quality, reproducibility, and remediation guidance.
- Implement robust metrics, dashboards, and OKRs that show coverage, risk reduction, and time-to-remediate.
Key Performance Indicators (KPIs)
- Risk-based coverage across critical assets and high-value targets (HVTs).
- Reduction in control drift and purple-team dwell time; measurable uplift in detection/response efficacy.
- Audit and regulatory exam outcomes (on-time, no/low-severity issues, rapid issue closure).
- Program throughput and on-budget delivery; vendor performance against SLAs.
- Stakeholder satisfaction (BU/Tech leaders) and talent retention/engagement.
People Leadership & Culture
- Recruit, develop, and retain top talent across pen test, red team, cloud/offensive engineering, and program management disciplines.
- Build a high-performance culture with clear career paths, mentoring, and communities of practice.
Stakeholder Communication
- Brief executives, Audit Committees, and regulators using clear risk language and defensible evidence.
- Partner with Product & Engineering, IT, and Business Units to prioritize remediation and track measurable risk reduction.
Financial & Vendor Management
- Own budgets, strategic vendor relationships, and SOW negotiations; optimize insource/outsource mix.
- Establish scalable catalog services, rate cards, and standard scoping templates to improve predictability and throughput.
Governance, Risk & Compliance (GRC)
- Govern end-to-end regulatory assessment obligations (e.g., SOX, GLBA, GDPR/CCPA, NYDFS, ISO/IEC 27001, MAS TRM), ensuring scope alignment, evidence lifecycle management, and audit readiness.
- Maintain policy, standards, and playbooks for penetration testing and red team operations mapped to NIST SP 800-115, PTES, OWASP ASVS/MASVS, MITRE ATT&CK/D3FEND.
To be successful in this role, we're seeking the following:
- 15+ years of progressive experience in Information Security or related fields, including a specialization in offensive security (penetration testing, ethical hacking, red team/adversary emulation).
- 7+ years leading large, multi-regional teams (direct leadership of managers and senior ICs).
- 5+ years owning audit-facing or regulator-facing security programs, including evidence management and exam coordination.
- Evidence lifecycle governance (from scoping approvals to final reports and remediation validation) with strong documentation and version control.
- RASCI models, QA/QC gates, and repeatable playbooks to ensure consistent, audit-ready outcomes.
Preferred
- Experience in highly regulated industries (e.g., financial services, healthcare, critical infrastructure, technology/SaaS).
- Experience with cloud, containers/Kubernetes, network segmentation, microservices, and modern SDLC/DevSecOps patterns.
- Familiarity with identity and access attacks (SSO/OAuth/OIDC), data security, SaaS attack surfaces, and supply-chain testing.
- Hands-on understanding of offensive tooling and frameworks, with rigorous safety and legal controls.
At BNY, our culture speaks for itself. Check out the latest BNY news at: BNY Newsroom, BNY LinkedIn.

Here's a few of our recent awards:
- America's Most Innovative Companies, Fortune, 2025
- World's Most Admired Companies, Fortune, 2025
- "Most Just Companies", Just Capital and CNBC, 2025

Our Benefits and Rewards: BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.

BNY assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $136,500 and $275,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNY total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and company-sponsored benefit programs. This position is at-will and the Company reserves the right to modify base (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance and market factors.