Associate, Information Security
At BNY, our culture allows us to run our company better and enables employees growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.
Recognized as a top destination for innovators and champions of inclusion, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary.
We re seeking a future team member for the role of Vulnerability Management Operations Associate to join our DEFEND Platform (Information Security Division) team. This role is located in Chennai
In this role, you ll make an impact in the following ways:
- Serve as vulnerability management analyst for information systems as primary responsibility
- Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
- Conduct risk-based assessment on security vulnerabilities and determine impact to various IT infrastructures.
- Prioritize risks and drive remediation by outlining and providing advice and solutions to technology owners on effective security controls and counter measures.
- Prioritize remediation activities based upon the results of the Enterprise-wide scanning program, Intel Threat advisories, or internal/external audits.
- Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation.
- Communicate security and compliance issues in an effective and appropriate manner
- Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls
- Validate remedial actions and ensure compliance with information security policy and regulatory requirements.
- Stay abreast on new security vulnerabilities and latest advancements in configuration compliance assessments from internal or external threat intelligence sources.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
- Conducts adhoc vulnerability scans if needed and coordinates remediation with appropriate support teams.
- Collaborate with our IT Stakeholders and LOB application owners.
- 3- 5 years of experience is required
To be successful in this role, we re seeking the following:
- Bachelors degree in information technology (or related field) with minimum of 5 years experience
- Possess strong knowledge of various technologies and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
- Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP) strongly desired.
- Practical experience with identifying, analyzing, and communicating cyber threat and vulnerability information.
- Hold key Cybersecurity Certifications, Security+, CISSP, CEH, SANS etc
- Experience working with cloud technology (Azure, GCP, AWS.)
- Strong working knowledge of vulnerability management toolsets (Qualys, Wiz.io, Xray Jfrog etc.)
- Strong working knowledge of operational baselines hardening
- Knowledge of sound, industry-accepted server software support practices and methodologies
- Familiar with International Standards, NIST Special Publications and Cyber Security Frameworks
- Experience with assessing vulnerability management programs
- Familiarity with General IT infrastructure and enterprise architecture (e.g., Server, Network, Workstation, Cloud, etc.)
- Familiarization with patching processes and related technologies (e.g. BladeLogic, SCCM)
- Familiarity with enterprise risk management and how cyber threats and vulnerabilities integrate into ERM efforts
- Background and knowledge of general cyber security concepts (e.g. defense-in-depth security architectures, security controls)
- Exemplary verbal and written communication skills (English business fluent spoken and written)
- Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
- Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff
- Ability to work under pressure and deal with ambiguous situations
- Ability to read and write scripts in various languages. (php, python, ksh, powershell, SQL, and similar)
- Experience and proficiency in a various toolsets and best practices.
- Self-motivated and able to work in an independent manner.
At BNY, our culture speaks for itself, check out the latest BNY news at:
BNY Newsroom
BNY LinkedIn
Here s a few of our recent awards:
- America s Most Innovative Companies, Fortune, 2025
- World s Most Admired Companies, Fortune 2025
- Most Just Companies , Just Capital and CNBC, 2025
