Job Description:
Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our innovative and forward thinking team.
What We Do:
At Bank of America, we handle the finances of over 67 million client relationships every day, including helping them save, borrow, and invest for today and for their future. We stand by our clients each and every day giving them the power to realize their personal financial goals and help make their financial lives better.
The Global Information Security organization is responsible for protecting bank information systems, confidential and proprietary data, and customer information. The team:

• Develops the bank's Information security strategy and policy
• Manages the Information security program and identifies and addresses vulnerabilities
• Develops, deploys and manages a risk-based controls portfolio
• Manages and operates a global security operations center that monitors, detects and responds to cybersecurity incidents

What We're Looking For:
We're looking for the next generation of Cyber security experts - those with a passion for growing a long-term career, building relationships and working with a team of innovative and forward thinking information security professionals. Our cyber team is meant for those looking to make a real impact and build a career in information security. The role is ideal for those who have a passion to work with industry leaders to protect our brand and the customer/client experience by proactively detecting, disrupting, and mitigating cyber security across the organization.
What You'll Get:
From day one, you'll receive training including hands-on practice, personalized coaching and dedicated support throughout your on-boarding experience. With demonstrated success, you'll have the opportunity to advance into many different roles with Global Information Security - with unlimited opportunity to grow throughout your career. You will be supported with dedicated programs, tools, and resources throughout your career journey.
We'll help you:
• Build a successful career at Bank of America through world-class training and on-boarding programs that set you up for success
• Grow in your current role through one-on-one coaching from managers who are invested in your success and training programs that help you excel, build new skills or take on additional responsibility
• Continuously learn and advance your career goals through intentional career paths to the next best role
• Use resources and innovative technologies to optimize the client experience
• Expand your business knowledge and network by partnering with experts in Global Information Security, Global Technology and other lines of business
• Become an expert in what you do
What you can look forward to:
• Ongoing professional development to deepen your skills and optimize your expertise as the industry evolves and changes
• Resources and dedicated support to help you reach your full potential throughout your career
• A benefits program designed to meet the diverse needs of our employees at every stage of their life and help them plan for tomorrow
• Progressive workplace practices and initiatives that promote inclusion
We're a culture that:
• Believes in responsible growth and has a proven dedication to supporting the communities we serve.
• Provides continuous training and developmental opportunities to help people achieve their goals, whatever their background or experience.
• Believes diversity makes us stronger, so we can reflect, connect to and meet the diverse needs of our clients and customers around the world.
• Is committed to advancing our tools, technology, and ways of working. We always put our clients first to meet their evolving needs.
The Cyber Security Defense (CSD) function within Global Information Security is responsible for all aspects of threat intelligence and monitoring, application and network security, and insider threat. In addition, the CSD team drives out the enterprise-wide cyber exercise program.
Position will be a member of the Assurance Risk and Contract Strategy (ARCS) leadership team within the Cyber Security Assurance (CSA) organization in Global Information Security (GIS), and will be responsible for the build and management of a new third party continuous monitoring and oversight function. This position will drive the Bank's third party outreach process relating to significant vulnerabilities or cyber security risks. In addition, this position will be responsible for risk management activities driven by continuous monitoring of third parties and ensuring that identified third party cyber risks are adequately understood and dispositioned by the appropriate business unit(s). This position will interface with senior leaders and partners across GIS and the company to contextualize identified cyber risks in the third party population and drive fact-based decision-making and risk management.
Key Responsibilities
- Drive outreach activities to the third party population to address risks presented by zero day vulnerabilities or other cyber incidents or risk scenarios (e.g., Log4j, Solarwinds, geopolitical events)
o Will require significant partnership with incident management, assessment, procurement and risk teams.
o Will require thoughtful determination of when to engage in outreach, the outreach population and the purpose of that activity (e.g., awareness vs information gathering)
- Build and operate risk-based continuous monitoring program for third parties, taking into account outcomes of assessment activity, open-source intelligence feeds, and other available information
o Will require development and maintenance of a risk-to-action decision framework to drive third party risk management activities
o Will require coordination with procurement, vendor management, remediation, BISO and assessment teams, among others
- Drive engagement activities to ensure identified third party risks are sufficiently understood and actioned (e.g., assessment non-participation, aged findings, risky combination of findings)
o Function will take output from assessment and third party risk analysis teams to support effective decision-making by business units and drive discussion of risks and risk acceptance decisions in risk forums
- Interact with peer institutions in industry forums to share knowledge and address third party risk cyber risk management issues
- Develop/execute multi-year strategic plans/goals to address third cyber party risk management
- Consult with other teams in the larger organization to address third party risks through non-GIS owned processes
Required Skills
- Knowledge and experience with key risk management concepts and information security controls
- Ability to mobilize and motivate teams; set direction and approach; resolve conflict; execute with limited information and ambiguity
- Ability to interact with and influence senior-level technical and non-technical stakeholders
- Excellent communication, meeting facilitation, interpersonal, and leadership skills
- Ability to "connect the dots" across multiple data points, make connections upstream/downstream that may not be easily noticeable
- Strong analytical skills/problem solving/conceptual thinking with experience in business/risk analytics role
- Provides significant thought product in developing both strategic direction and tactical execution
- Minimum 8 years of experience in information security, risk management or related function
Desired/Optional Skills
- Bachelor's degree, or higher, in Information Technology or related field
- Information Security experience
- Project management experience
Enterprise Job Description: Responsible for the leadership of major projects, programs, or processes with significant business impact involving cross-functional team's development to reduce third party information security risk. Influences strategic direction and develops tactical plans. Provides comprehensive solutions to complex problems or needs through interactions between internal and external partners ensuring external parties comply with security policies. Possesses extensive technical or functional knowledge in third party risk management, information security, business continuity, and governance. Typically has 6-10 years of relevant experience. May manage a team.
Shift:
1st shift (United States of America)
Hours Per Week:
40
Learn more about this role