Vice President Merchant Services Application jobs at Bank Of America in Australia, Sydney

Job Overview:

The Cloud Security Specialist is responsible for designing, implementing, and managing security controls across multi-cloud environments, with a specific emphasis on Azure and AWS platforms, to ensure the protection of organizational data and systems. This role requires deep expertise in cloud security, architecture principles, and industry standards. The ideal candidate will work closely with various teams to ensure the security of cloud-based applications, data, and infrastructure.

Key Responsibilities:

• Lead the design and implementation of secure cloud architectures and solutions, ensuring alignment with business objectives and security requirements.
• Maintain and update risk registers and ensure continuous monitoring of cloud security risks.
• Act as a liaison between the security team and other departments to promote a security-first culture.

• Security Controls -
  • Define and implement security controls and policies for cloud environments, ensuring compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and bank security policies.
  • Continuously improve security controls and processes to enhance the organization's security posture.
  • Develop and maintain documentation for security controls, policies, and procedures.

• Policy as Code (PaC) Implementation -
  • Policies are increasingly managed as code, requiring developers skilled in scripting and programming to define, customize, and automate these policies using tools like HashiCorp Sentinel, Open Policy Agent (OPA), and Terraform.

• Integration with CI/CD Pipelines -
  • Developers ensure that security policies are embedded in CI/CD workflows to enforce compliance during the development and deployment phases.

• Custom Solutions Development -
  • Off-the-shelf security tools often need customization to fit organizational requirements. Developers can write custom modules, scripts, or extensions to adapt these tools effectively.

• Collaboration with Security Teams -
  • Developers act as a bridge between security and DevOps teams, ensuring that security policies align with operational workflows without hindering development agility.

• Governance and Regulatory Compliance -
  • Conduct regular security assessments and audits of cloud environments to identify and mitigate risks.
  • Conduct risk assessments to identify potential security threats and vulnerabilities in cloud environments.
  • Evidence Package Creation - Package evidence of security policies deployment and effectiveness proving to non-technical audience, Audit and Governance Teams, the effectiveness of security policies.
  • Participate in internal and external audits to demonstrate compliance with cloud security requirements.

Required Skills:

• 5 years of experience in cloud security.
• Currently hold active AWS Security Specialty or Azure AZ-500 certification.
• In-depth understanding of cloud security principles, best practices, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks.
• Familiarity in programming and scripting languages such as Python, TF, Go, or JavaScript.
• Experience building and implementing IaC/PaC governance strategies with appropriate tooling (e.g., Terraform, CloudFormation, OPA, HashiCorp Sentinel, etc.).
• Strong understanding of CI/CD pipelines and DevOps practices.
• Hands-on experience with cloud-native and third-party security solutions, including Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWPP).
• Demonstrated capability to translate technical information into a format that a non-technical audience will understand and clear communication skills.

Desired Skills:

• Relevant industry certifications such as ISC2 and SANS GIAC are highly desirable.
• Strong communication and interpersonal skills to work effectively with cross-functional teams.
• Ability to manage multiple projects and priorities in a fast-paced environment.

Key Responsibilities:

• Oversee and execute assigned areas of audit work for Global Markets business in Asia Pacific, providing day to day guidance to teammates.
• Execute audit strategy for the sound application of risk-based auditing by defining audit scope, audit program, and test procedures.
• Typically acts as Auditor-in-Charge (AIC) for Global Markets audits. When leading an audit engagement, is responsible for day-to-day coaching, mentoring, and performance feedback. Fosters an inclusive work environment.
• Oversee assessment and coverage of risks and emerging risks for Australia.
• Oversees audit testing to ensure timely execution within quality standards and conformance to audit policies and procedures.
• Assesses issues for impact to business processes (Global Markets (GM) businesses and the relevant control functions), controls and strategies, recommends severity ratings and escalation of broad themes or trends.
• Drafts quality and timely audit reports and shares results with business leaders.
• Manages business partner relationships when conducting specific audits; primary engagement is with line management.
• Candidate will be required to engage with senior management within Audit and the line of business, audit teams and also face off regulators.
• Exercises critical thinking and judgment to effectively influence management to improve the control environment.

Key Requirements:

• Minimum of 10-12 years or more of working experience in a Global Markets Audit team covering Front Office trading activities.
• Excellent analytical skills and strong communication skills to effectively engage with both stakeholders and regulators.
• In-depth knowledge and Audit execution background of Global Markets business and relevant control functions and strong understanding of local regulatory requirements in Australia.
• Ability to work in a team environment, focus on high quality execution and lead audit assignments.

The Role:

The role will be responsible for the production strategic equity research and compelling tactical investment ideas to our highly sophisticated global and local client base. To deliver this, you will have access to world leading Commodities Research and support from the regional and global platform including highly ranked Economic and ESG Research.

To be successful, you will have a strategic mindset and developed commercial acumen with the technical skills to perform forward-looking modeling, industry research and valuation projections; and skills to present investment ideas to guide and advise sophisticated internal and external audiences.

Key Responsibilities:

• Lead Analyst responsibility for Precious Metals and other Metals and Mining Stocks. This will include production of thematic and company specific strategic equity research and compelling tactical investment ideas.
• Development of forward-looking modeling, industry research and valuation projections to drive the delivery of high-quality research for our clients.
• Further deepen and expand strong relationships in the Australian Resources Sector with both companies’ investor relations, company management, other industry participants and institutional investors.
• Collaborate with local and regional colleagues on research projects to enhance the overall Natural Resources Research offering.
• Adherence to local and global regulations and firm policies to mitigate regulatory, operational, and reputational risk. Demonstrating ethics and integrity in alignment to the bank’s values and expectations on conduct.

Preferred Background, Qualifications and Skills:

• Relevant work experience preferably gained within banking, sell side equity research, buy side investment analysis or corporate experience that forms a strong foundational knowledge to excel in the role.
• Deep technical skills across company and industry analysis with the business acumen and strategic mindset to develop compelling research.
• Communication, influencing and presentation skills with the ability to develop relationships with internal stakeholders and teammates.
• A collaborative and creative mindset with the ability to work as part of the collective regional resources team.
• Meticulous attention to detail, with the drive to deliver results and willingness to take responsibility for the outcomes are essential for the role.
• Highly motivated, proactive, curious and a high level of enthusiasm for equity research.

Your background

• Proven experience handling Information Security related events and incidents.
• Experience in an operations focused role with an emphasis on cyber incident response.
• Demonstrable experience in the coordination of containment activities related to cyber security incidents.
• Familiarity with security vulnerabilities exploits and APT tools, techniques, and procedures.
• Familiarity with network security vulnerabilities, exploits, malware, and digital forensics desirable.
• An excellent verbal and written communicator who can adapt to their audience.
• Decisive and can make difficult decisions in what can be a high-pressure environment.
• Exercise independent judgment in methods, techniques, and evaluation criteria for obtaining results.
• Able to handle multiple competing priorities in a fast-paced environment and act without causing an undue delay.
• Supportive and can work well as part of a team as well as independently.
• Ability to remain calm under pressure.
• Ability to work in a strong team-orientated environment with a sense of urgency and resilience.
• Must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks whilst remaining risk and objective focused, with an investigative mindset.
• Security+ or equivalent certification.
• GCIH or equivalent certification required within six months of employment.

What you can expect

The role of the Senior Incident Manager is to coordinate the response and recovery activities from information security incidents. This includes collaboration with appropriate response, assist with determining the root cause of incidents and work with stakeholders and responsible parties to remediate any identified control gaps or failures; Escalate issues to management in a timely manner with appropriate information regarding severity, exposure, and action items; this role requires critical thinking and investigative mindset coupled effective written, and verbal communication skills.

This is a senior role on the team with high visibility at the global level including interacting with and providing direct updates to executives and senior leadership stakeholders. A Senior Incident Manager provides their knowledge and expertise in incident response to lead, mentor, and challenge associates on the team. The team conducts follow-the-sun (FTS) operations which you will work closely with AMRS and APAC regions.

What you will do

• Establish oversight of information security events and cyber incidents and communicate analysis, containment and remediation efforts to all business partners.
• Cyber incident response and recovery plans will be available to use and should be maintained by the team. Any issues that require management escalation will be expected to be completed in a timely manner including all appropriate information in relation to risk and action times.
• The Cyber Incident Manager will be expected to provide status updates and post-incident findings for executives and stakeholders in non-technical terms encompassing risk, impact, likelihood, containment and remediation activities and threat actors.
• Risk management including briefing and recommending actions to executive leadership within Global Information Security and other business partners on events and incidents.

What you can expect

The role of the Senior Incident Manager is to coordinate the response and recovery activities from information security incidents. This includes collaboration with appropriate response, assist with determining the root cause of incidents and work with stakeholders and responsible parties to remediate any identified control gaps or failures; Escalate issues to management in a timely manner with appropriate information regarding severity, exposure, and action items; this role requires critical thinking and investigative mindset coupled effective written, and verbal communication skills.

This is a senior role on the team with high visibility at the global level including interacting with and providing direct updates to executives and senior leadership stakeholders. A Senior Incident Manager provides their knowledge and expertise in incident response to lead, mentor, and challenge associates on the team. The team conducts follow-the-sun (FTS) operations which you will work closely with AMRS and APAC regions.

What you will do

• Establish oversight of information security events and cyber incidents and communicate analysis, containment and remediation efforts to all business partners.
• Cyber incident response and recovery plans will be available to use and should be maintained by the team. Any issues that require management escalation will be expected to be completed in a timely manner including all appropriate information in relation to risk and action times.
• The Cyber Incident Manager will be expected to provide status updates and post-incident findings for executives and stakeholders in non-technical terms encompassing risk, impact, likelihood, containment and remediation activities and threat actors.
• Risk management including briefing and recommending actions to executive leadership within Global Information Security and other business partners on events and incidents.

Your background

• Proven experience handling Information Security related events and incidents.
• Experience in an operations focused role with an emphasis on cyber incident response.
• Demonstrable experience in the coordination of containment activities related to cyber security incidents.
• Familiarity with security vulnerabilities exploits and APT tools, techniques, and procedures.
• Familiarity with network security vulnerabilities, exploits, malware, and digital forensics desirable.
• An excellent verbal and written communicator who can adapt to their audience.
• Decisive and can make difficult decisions in what can be a high-pressure environment.
• Exercise independent judgment in methods, techniques, and evaluation criteria for obtaining results.
• Able to handle multiple competing priorities in a fast-paced environment and act without causing an undue delay.
• Supportive and can work well as part of a team as well as independently.
• Ability to remain calm under pressure.
• Ability to work in a strong team-orientated environment with a sense of urgency and resilience.
• Must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks whilst remaining risk and objective focused, with an investigative mindset.
• Security+ or equivalent certification.
• GCIH or equivalent certification required within six months of employment.

Job Description:

Job Description:

This role is seated in the Asia FICC Technology to support the FICC trading platforms covering Risk/Pricing and eTrading shared across APAC regions with focus on driving Australia demands to be integrated into global tech stack.

The primary responsibility is to act as a liaison between the Front Office Trading Desks, Technology Teams, and other stakeholders to ensure seamless delivery of Asia-specific business requirements and global initiatives.

The platforms would support pricing/risk management/market making of FICC products (Bonds, Swaps, CDS, FX, Repos, other FICC Derivatives etc.), offering also our offering on eTrading and voice channels.

Responsibilities:

• Business liaison and Stakeholder management: Act as the single point of contact for the Asia Front Office Trading Desks, ensuring clear communication between business and technology teams. The impact is regional/global given the role is expected to drive FICC global platform evolution serving Australia business needs.
• Requirement Gathering and Analysis: Collaborate with Front Office Trading Desks to define business requirements for regional and global deliverables. Analyze business needs and translate them into actionable technical specifications for development teams.
• Project Management: Manage end-to-end delivery of projects, ensuring alignment with business priorities and timelines. Coordinate with regional and global teams to track progress, resolve issues, and ensure timely completion of deliverables.
• Development management: Drive automations/development within global and local platform catering to regional/global/local demands to catering to market variations. Striking the right balance between interim and strategic solutions and participating into architectural reviews of the platform to drive the value to the FICC franchise.
• Testing and Validation: Work closely with QA teams to define test cases and validate solutions against business requirements. Facilitate User Acceptance Testing (UAT) and ensure sign-off from business users.
• Production Support: Collaborate with support teams to address production issues and outages, ensuring minimal disruption to trading operations. Provide timely responses to business queries related to system functionality and performance.
• Domain Expertise Development: Build expertise in Rates/FX/credit trading products (Bonds, CDS, IRS etc.), OTC markets (Bloomberg, MarketAxess, Tradeweb), and trade execution processes. Stay updated on regulatory changes and market trends impacting FICC trading.

Required Skills:

• Strong understanding of FICC trading products, including Bonds, Swap, CDS, FX, Repos, other FICC Derivatives etc.
• Familiarity with OTC markets such as Bloomberg, MarketAxess, and Tradeweb.
• Knowledge of trade execution and post-trade processing concepts.
• Ability to understand technical concepts and communicate effectively with development teams.
• Familiarity with SDLC processes and agile methodologies is a plus.
• Strong analytical skills to define problems, identify solutions, and drive resolution.
• Ability to manage competing priorities and deliver results under tight deadlines.
• Communication and Collaboration:
• Excellent communication skills to interact with regional and global stakeholders.
• Proven ability to work collaboratively across teams and geographies.

Desired Skills:

• Prior experience as software engineer with special skills in automation and tooling, Business Analysis, Project Management, or Desk-Aligned role within financial services, preferably in FICC trading for voice and eTrading platforms.
• Exposure to agile methodologies and front to back programs spanning various pre-trade, trading and post trade capabilities is highly desirable.

Job Description:

Responsibilities include, but are not limited to:

• Working with Malware Defense control owners to evolve malware control strategy and capabilities.
• Mentioning and training other analysts, helping them to improve their malware analysis and reverse engineering skillsets.
• In-depth analysis of malware, including authoring analysis reports.
• Tracking malware campaigns, malicious actors, and related infrastructure.
• Creation of tools and scripts to assist in the analysis of malware analysis.

Required Skills:

• Strong direct experience of analyzing malware.
• Intermediate to advanced malware analysis skills.
• Intermediate to advanced experience reverse engineering tools such as IDA Pro, x64dgb, OllyDbg, Immunity Debugger and/or Ghidra.
• Intermediate to advanced experience analyzing dissembled x86 and x64 code. Experience analyzing dissembled code for other architectures (ARM, MIPS, etc.) is a plus.
• Intermediate to advanced experience reverse engineering malware code written in C, C++, VisualBasic, Java, .NET, Delphi, JavaScript, and VBScript.
• Solid background in C++ programming and Win32 API’s.
• Experience creating malware analysis tools and scripts for use in tasks such accelerating malware analysis, unpacking malware, and extracting data (ex – configuration extraction).
• Experience building and maintain scripts to emulate malware and parse c2 response traffic is a plus.
• Experience in encryption/obfuscation and how to reverse it is desired.
• Can create innovative ways to track progression of malware families, infrastructure and campaigns conducted by ecrime, and cyber espionage actors.
• Experience with penetration testing and/or adversary emulation is a plus.
• Background in network traffic analysis.
• Knowledge of networking protocols: TCP/IP, HTTP/HTTPs, FTP, IRC etc.
• GCIH, GREM, GCFA or CISSP is desired, but not required.
• Able to work independently on tasks, but also work well within a team environment.