Vice President, Information Security - Cyber Threat Simulation in Manchester

We’re seeking a future team member to join our team. This role is located in Manchester. In this position, you will be responsible for designing, executing, and continuously improving BNY’s global simulation program. The Cyber Threat Simulation team delivers best-in-class cyber simulation exercises to facilitate internal training and to clients as required. In addition, provide realistic phishing simulations and targeted spear phishing campaigns. This includes planning, executing and preparing reports for BNY’s Cyber Threat Simulation program. The service plays a critical part in strengthening the firm’s human defense layer by delivering realistic simulations and data-driven insights that reduce user susceptibility and improve cyber awareness. The role combines operational execution, scenario design, analytics, automation, and stakeholder engagement, and works closely across CyberSecurity to include but not limited to: SOC, Threat Intelligence, Learning, and Communications teams.

In this role, you’ll make an impact in the following ways:

• Lead and/or assist in the planning and preparation for exercises in conjunction with participating lines of business to determine requirements, manage stakeholders, tailor exercises as required, and coordinate team resourcing and timelines.
• Lead/Participate in post-exercise analysis to translate simulation findings into actionable lessons learned/observations with line of business participants and accountable for producing and quality-reviewing debrief materials and reports.
• Lead and/or assist in the design, build, and execution of both quarterly global phishing tests for employees, contractors, and consultants and targeted spear phishing simulations for high risk populations based on role, access, threat intelligence, and prior susceptibility.
• Execute and maintain the phishing testing consequence model, including instant education, remediation training workflows, repeat offender tracking, and escalation processes.
• Collaborate across Cybersecurity Operations to develop simulations informed by real world threat intelligence, emerging attacker techniques, and business relevant events.
• Support automation and tooling enhancements for simulation and exercise development, campaign execution, consequence model execution, reporting, etc.
• Analyze results to identify risk patterns, high risk populations, and opportunities for targeted intervention.
• Partner with Cyber Awareness, Learning, and Communications teams to integrate phishing testing outcomes into broader awareness initiatives.
• Maintain documentation, operating procedures, and testing standards.
• Identify opportunities to improve program maturity, scalability, and effectiveness through process optimization and automation.

To be successful in this role, we’re seeking the following:

• Bachelor’s degree in Cybersecurity, Information Security, Information Technology, or a related discipline, or equivalent practical experience.
• Strong understanding of cyber war-games, phishing, social engineering techniques, and human centric cyber risk.
• Hands on experience designing or executing phishing simulations, security awareness programs, or related cyber defense activities.
• Ability to analyze data and translate results into clear insights for technical and non-technical audiences.
• Strong written and verbal communication skills, with attention to detail and quality.

Preferred Qualifications:

• Experience working with cyber threat simulation platforms and security awareness tooling.
• Experience supporting global programs with diverse user populations and regulatory considerations.
• Exposure to automation, dashboards, or analytics tools used in cybersecurity programs.
• Relevant security or risk certifications (e.g., CISSP, GIAC, SANS, or equivalent) are a plus but not required.