Risk Lead - Global Information Security

Posted:
7/30/2024, 5:00:00 PM

Location(s):
Chicago, Illinois, United States ⋅ Denver, Colorado, United States ⋅ Washington, United States ⋅ Illinois, United States ⋅ Colorado, United States

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Position Summary

Evaluates and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new systems and processes meet Enterprise information security requirements and risk appetite.

  • Leverages knowledge of technology platforms, tools, and processes.
  • Leverages knowledge of information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, laws, rules, regulations.

Coordinates efforts to mitigate/remediate information security risks.

Works with internal and external stakeholders (Ex: Executive leadership, Risk, Audit, SMEs, Regulators). Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 5-8 years of relevant experience and will be an individual contributor.

  • Influence: Influences partners through data-driven business cases backed by subject matter expertise and collaboration. Ability to challenge in a firm but non-confrontational manner.
  • Delivery: Works in a demanding environment, balances competing demands and executes tasks and projects independently.
  • Communication: Possesses excellent business communication skills, ability to work with and communicate with all levels across the organization, leveraging advanced written, verbal and presentation skills. Serves as the central point of contact for stakeholder outreach, consultation, and coordination.
  • Organization: Delivers across a varied set of priorities, both planned and ad hoc, and adapts within a dynamic and fast-paced environment.

Qualifications:

  • 5+ years of relevant experience
  • Risk Framework knowledge and understanding of Information Security requirements.
  • Issue identification, escalation and reporting experience.
  • Strong risk and compliance background.
  • Proven record in being able to work effectively in a fast-paced, dynamic, highly matrixed and complex environment. Ability to multi-task, work in a demanding environment and balance competing demands.
  • Strong aptitude for strategic and critical thinking with the ability to connect analytical work to the client needs and strategic objectives; client focused.
  • Attention to detail, as a high degree of accuracy is required.
  • A flexible and solution-oriented perspective, and a determination and desire to find answers to complex issues.
  • Excellent written and verbal communication. Must demonstrate strong interpersonal, collaboration and communication skills. Ability to communicate effectively to a variety of audiences.
  • Proven ability to develop executive ready communications and presentations.

Desired:

  • Data and analytical skills: ability to identify sources and extract data sets for analysis; ability to confirm accuracy and completeness of data.
  • In-depth knowledge of Global Information Security requirements, policies, and standards.
  • In-depth knowledge of Global Information Security Tools, Processes and Controls.
  • Knowledge of Single Process Inventory (SPI) and/or Process Owner Portal (POP).
  • Process improvement and Six Sigma and/or data analysis experience.

Skills:

  • Customer and Client Focus
  • Interpret Relevant Laws, Rules, and Regulations
  • Policies, Procedures, and Guidelines
  • Problem Solving
  • Quality Assurance
  • Business Acumen
  • Controls Management
  • Innovative Thinking
  • Process Management
  • Stakeholder Management
  • Business Process Analysis
  • Data Governance
  • Data Privacy and Protection
  • Data and Trend Analysis
  • Risk Analytics

Enterprise Role Overview:

This job is responsible for developing and supporting enterprise-wide information security policies, procedures, and standards. Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to establish and maintain policies, validate alignment of processes and controls to requirements, and report on adherence to policy requirements. Job expectations include using data analytics and partnering with internal teams to verify policy compliance, identify gaps in coverage, and support remediation activities.

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Bank of America

Website: https://bankofamerica.com/

Headquarter Location: Charlotte, North Carolina, United States

Employee Count: 10001+

Year Founded: 2007

Last Funding Type: Seed

Industries: Asset Management ⋅ Banking ⋅ Finance ⋅ Financial Services ⋅ FinTech