Privileged Access Management Analyst


BNY Mellon Bank

Bring your ideas and make history.

BNY Mellon offers an exciting array of future-forward careers at the intersection of business, finance, and technology. We are one of the world’s top asset management and banking firms that manages trillions of dollars in assets, custody and/or administration. Known as the bank of banks – 97% of the world’s top banks work with us as we lead and serve our customers into the new era of digital.

With over 238 years of rich history and industry firsts, BNY Mellon has been built upon our proven ability to evolve, lead, and drive new ideas at every turn. Today, we’re approximately 50,000 employees across 35 countries with a culture that empowers you to grow, take risks, experiment and be yourself. This is what is all about.

We’re seeking a future team member in the role of Privileged Access Management, Analyst to join our Information Security Division in the IAM team. This role is in Pittsburgh, PA OR Lake Mary, FL – HYBRID. Our Information Security Division (ISD) is on constant alert using creativity and knowledge of cybersecurity, technology, and business processes to develop and deliver solutions. We collaborate and deliver services to protect the business, our clients, and technology.

Within the Information Security Division, our Identity and Access Management (IAM) service provides security solutions for identity management, web access management, stronger authentication, privileged access management, and platform security for Windows and Linux/UNIX and the Mainframe. These services ensure that the right users and machines have access to the right assets for the appropriate reason and time. IAM also protects our company from unauthorized access and fraud.

Our Information Security Division is on constant alert using their creativity and knowledge of cybersecurity, technology, and business processes to develop and deliver solutions. In this fast-paced environment, we collaborate to respond to current risks while identifying and anticipating future threats.

The Role:

As a senior associate and Privileged Access Management (PAM) Engineer, your responsibilities will include the engineering and configuration of our PAM suite of tools. You will establish and document policies, procedures, and guidelines related to user and system access. You will be responsible for resolving technical issues in the PAM Platform through problem tracking, diagnosis and root-cause analysis, replication, troubleshooting, and resolution for moderately complex issues. The role also includes supporting the Operational team on all our PAM tooling. We are planning an uplift in our tooling to incorporate state-of-the-art tools which will allow for just-in-time provisioning as well as implementing a tiered privilege model that ensures the least privilege principle is followed. Our PAM tools work across the following technologies: Windows, Kerberos, Mainframe security platforms (RACF, ACF2, and Top Secret), Network appliances, storage and will include most devices that support the technology environment. The role includes blending in with secrets management.

Key Responsibilities:

Analyze existing and potential new PAM tools and technologies to enhance and improve processes
Ensure that proper security settings are applied to reflect the model of least privilege
Understand all PAM functions including but not limited to user entitlement reviews, service account life cycle management, environment hygiene, vaulting, break glass, and conflicting combinations
Analyze, define, and prioritize the business and functional requirements for PAM initiatives
You will need to provide governance for the lifecycle and workflow for all enterprise Privileged accounts
Assist with providing requirements for PAM governance that enforces applicable organization security policies and standards
Identify control gaps and coordinate resolution
Identify improvement opportunities in IAM/PAM governance to increase operational effectiveness and improve the bank’s risk posture
Assist in the definition of cross platform information security and/or identity management policies and procedures
Create and maintain documentation as it relates to PAM platforms, design, configuration, support, and processes
The individual must have a proven track record in delivering identity solutions that are functional, secure, scalable, and reliable
You will need to demonstrate an understanding of Least Privilege and Just In Time concepts
Extensive knowledge and hands-on experience of PAM systems (e.g. CyberArk)
Exercise core technical capabilities across Linux, Active Directory, LDAP, database (Oracle, SQL Server, and others), monitoring, service management, containerized app platforms to diagnose, troubleshoot, and provide technical operational guidance.
Understanding of Cloud platforms such as: AWS, Azure, GCP
Familiarity with identity and access management (IAM) concepts, such as identity lifecycle management, password policies, least privilege, Zero Trust, etc.
Strong understanding of privileged access management controls
Strong interpersonal and communication skills with good stakeholder engagement
Engage and partner with Operational leads and their teams to build, deploy, and maintain the PAM components across the application portfolio in a highly virtualized environment.
Conceptual understanding of various types of secrets and the circumstances in which they are used.
Knowledge of the capabilities of Secrets Management, including aspects such as discovery and storage.
Experience in actively participating in the build and implementation of a Secrets Management program.
Drive cross-functional engagements focused on delivering continuous improvements including product/service, performance, and operational enhancements.
Proactively identify process improvement areas and lead process improvement initiatives
Ensure PAM tools and processes adhere to IAM governance and compliance policies

To be successful in this role, we’re seeking the following:

Bachelor’s degree in computer science or a related discipline, or equivalent work experience required.
5+ years of experience in information security or related technology experience required
Minimum 3 years’ experience as an Identity Engineer
Certifications such as CISSP/CISM or equivalent are desired
As a member of a small team in a fast-paced environment, this role will require both strong intellectual agility and hands-on technical skills
Detail oriented with creative problem-solving and analytical skills
Excellent written and verbal communication skills
Ability to work in a fast-paced environment and to be an outstanding team player
Willing to do what is needed to get a job done

Our Benefits:

BNY Mellon offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life’s journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves that can support you and your family through moments that matter.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals with Disabilities/Protected Veterans. Our ambition is to build the best global team, one that is representative and inclusive of the diverse talent, clients and communities we work with and serve, and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
