|
As a Senior Vice President, Cyber Threat Simulation, you will join the enterprise Cyber Threat Simulation service at BNY, part of the Cybersecurity Platform in Engineering. In this position, you will be responsible for designing, executing, and continuously improving BNY's global simulation program. This role is in New York City, NY.
The Cyber Threat Simulation team delivers best-in-class cyber simulation exercises to facilitate internal training and to clients as required. In addition, the team provides realistic phishing simulations and targeted spearphishing campaigns. This includes planning, executing and preparing reports for BNY's Cyber Threat Simulation program. The service plays a critical part in strengthening the firm's human defense layer by delivering realistic simulations and data-driven insights that reduce user susceptibility and improve cyber awareness. The role combines operational execution, scenario design, analytics, automation, and stakeholder engagement, and works closely across Cyber Security, including but not limited to the SOC, Threat Intelligence, Learning, and Communications teams.
Responsibilities:
- Lead and/or assist in the planning and preparation for exercises in conjunction with participating lines of business to determine requirements, manage stakeholders, tailor exercises as required, and coordinate team resourcing and timelines.
- Work closely with the CTS leadership on facilitating cyber security simulation exercises for audiences that may include senior management and executives; set the tone, pace, and engagement model for the session.
- Lead or participate in post-exercise analysis to translate simulation findings into actionable lessons learned and observations with line of business participants, and be accountable for producing and quality-reviewing debrief materials and reports.
- Lead and/or assist in the design, build, and execution of both quarterly global phishing tests for employees, contractors, and consultants and targeted spearphishing simulations for high-risk populations based on role, access, threat intelligence, and prior susceptibility.
- Execute and maintain the phishing testing consequence model, including instant education, remediation training workflows, repeat-offender tracking, and escalation processes.
- Collaborate across Cybersecurity Operations to develop simulations informed by real-world threat intelligence, emerging attacker techniques, and business-relevant events.
- Support automation and tooling enhancements for simulation and exercise development, campaign execution, consequence model execution, reporting, etc.
- Analyze results to identify risk patterns, high-risk populations, and opportunities for targeted intervention.
- Partner with Cyber Awareness, Learning, and Communications teams to integrate phishing testing outcomes into broader awareness initiatives.
- Maintain documentation, operating procedures, and testing standards.
- Identify opportunities to improve program maturity, scalability, and effectiveness through process optimization and automation.
Requirements
- A confident, polished presenter and lead facilitator, able to pivot quickly and adapt during a simulation to maintain tempo and steer discussion toward outcomes; able to coach others to deliver the same standard.
- 10+ years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.
- A strong understanding of data analysis (ability to draw actionable conclusions) and data presentation, translating complex findings into clear narratives for senior stakeholders.
- Hands-on experience designing or executing phishing simulations, security awareness programs, or related cyber defense activities.
- Strong understanding of phishing, social engineering techniques, and human-centric cyber risk.
- Scrupulous attention to detail with ownership for quality standards across scenarios, facilitation materials, and reporting.
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, or a related discipline, or equivalent practical experience.
- Ability to analyze data and translate results into clear insights for technical and non-technical audiences.
- Strong written and verbal communication skills, with attention to detail and quality.
Preferred Qualifications
- Experience working with cyber threat simulation platforms and security awareness tooling.
- Experience supporting global programs with diverse user populations and regulatory considerations.
- Exposure to automation, dashboards, or analytics tools used in cybersecurity programs.
- Relevant security or risk certifications (e.g., CISSP, GIAC, SANS, or equivalent) are a plus but not required.
|