Director, Cyber Policy Modernization & Controls

At BNY, our culture allows us to run our company better and enables employees’ growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.

Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what #Life AtBNY is all about. Join us and be part of something extraordinary.

We’re seeking a future team member for the role of Director, Cyber Policy Modernization & Controls to join our Cybersecurity team. This role can is in NYC, NY.

Role Summary:

The Director, Cyber Policy Modernization & Controls is responsible for leading the execution of the Cyber Policy Modernization project and transitioning the organization to a robust, business-as-usual (BAU) cyber controls environment. This role will drive the modernization of cybersecurity policies, align controls with industry frameworks (CRI, NIST, ISO), and ensure ongoing governance, measurement, and continuous improvement of the enterprise’s cyber control landscape. The Director will collaborate closely with engineering controls, enterprise controls, and cross-functional stakeholders to deliver a harmonized, actionable, and sustainable cyber controls framework.

Key Responsibilities: Project Leadership (Cyber Policy Modernization)

• Lead the end-to-end execution of the Cyber Policy Modernization project, including policy catalogue refresh, control statement standardization, and alignment with industry best practices and regulatory requirements.

• Establish and chair the Cybersecurity Policy Steering Committee for governance, oversight, and decision-making throughout the modernization lifecycle.

• Collaborate with process owners, subject matter experts, and engineering controls teams to identify gaps, baseline existing controls, and implement AI-driven tools for gap analysis and modernization.

• Oversee the development and mapping of control objectives, control statements, and risk statements to ensure clarity, consistency, and traceability.

• Drive the integration of continuous control monitoring, metrics, and reporting into the policy lifecycle.

• Ensure successful transition from project phase to BAU, embedding scalable assurance mechanisms and eliminating redundancies.

BAU (Business-as-Usual) Controls Leadership

• Own and continuously improve the cyber controls framework, maintaining alignment with evolving regulatory, industry, and threat-driven requirements.

• Lead the ongoing governance, refresh, and publication of cybersecurity policies, standards, and procedures according to the established schedule.

• Maintain and enhance the Controls Inventory Master and ensure integration with the Controls Hub and enterprise controls taxonomy.

• Monitor control effectiveness, drive remediation of control gaps, and optimize resource allocation for operational resilience and cost efficiency.

• Oversee the implementation of measurable, business-focused metrics and dashboards for real-time risk and control management.

• Foster a culture of continuous improvement, stakeholder engagement, and cross-functional alignment across engineering, risk, and business units.

Stakeholder Engagement & Communication:

• Serve as the primary liaison between cybersecurity, engineering controls, enterprise controls, and business stakeholders.

• Advocate for policy outcomes, monitor implementation, and ensure transparency through regular reporting and communication.

• Coordinate with audit, regulatory, and risk management teams to ensure defensible, scalable, and compliant security posture.

Required Qualifications:

• Proven experience in cybersecurity policy management, controls modernization, and regulatory alignment (preferably with CRI, NIST, ISO frameworks).

• Demonstrated leadership in cross-functional project delivery and BAU operations within a complex enterprise environment.

• Strong understanding of engineering controls, enterprise controls taxonomy, and control inventory management.

• Experience with AI-driven tools for control gap analysis and policy modernization is a plus.

• Excellent communication, stakeholder management, and governance skills.

Role Evolution:

This role begins as the project lead for Cyber Policy Modernization and transitions into the BAU owner for the cyber controls environment, ensuring the sustainability and maturity of the organization’s cybersecurity posture.

At BNY, our culture speaks for itself, check out the latest BNY news at:

BNY Newsroom

BNY LinkedIn

Here’s a few of our recent awards:

• America’s Most Innovative Companies, Fortune, 2025

• World’s Most Admired Companies, Fortune 2025

• “Most Just Companies”, Just Capital and CNBC, 2025

Our Benefits and Rewards:

BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life’s journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

BNY assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $116,000 and $246,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNY total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs.

This position is at-will and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance, and market factors.