Cloud & Mobile Malware Control Owner jobs at Bank Of America in United States, Chicago

Job Description:

This job requires partnership with business function leaders, operations process owners and subject matter experts (SMEs), to provide an end to-end view of their processes, analyze impacts and data, and contribute to the optimization of the organization through data accuracy and completeness.

Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to validate indicative data alignment to processes and controls to requirements.
Job expectations include using data analytics, identifying gaps in coverage and data inaccuracies, and support remediation activities.

At least 3 years of related experience required.

Responsibilities:
• Manage the process inventory, reflecting accurate information that supports effective decision making, and ensuring compliance to enterprise policy and standard requirements
• Ensures process information meet enterprise standards, adhere to applicable rules, laws, and regulations, and comply with appropriate treatment of risk
• Identifies information security gaps and remediation strategies
• Process analysis to improve data accuracy and completeness
• Process improvements based on enterprise and Global Technology guidelines, organization maturity, challenges and issue remediation
• Provide end-to-end high-quality view of processes within business functions with proper identification of hand-offs and process connectors
• Support the organization’s short-and-long term strategy
• Supports a strategy of continuous improvement and acts as liaison with Global Technology and Enterprise Process Management teams
• Prepare presentations and process overview utilizing models and complementary data to assist leaders in process re-engineering activities
• Partner with stakeholders to ensure the inventory aligns to GIS policy and standard requirements in support of adherence monitoring

Required Qualifications:
• Prior related experience or business exposure desired and strong delivery mindset
• Analytical and design-oriented mindset
• Data analytics and Problem Solving
• Data driven and Trend Analysis
• Delivery Excellence
• Strong presentation skills
• Excels in working among diverse viewpoints to determine the best path forward
• Excellent verbal and communications skills
• Quality Assurance
• Innovative and Critical thinking skills – ability to assess quantitative and qualitative data to identify key themes that require deeper analysis and assessmentOther Qualifications/Desired Skills:
• Ability to identify opportunities from a process efficiency perspective and continuously challenge current state of GIS processes
• Prior experience in Information Security desirable
• Preferred process improvement and Operational Excellence exposure
• Ability to understand new technologies, intellectually curious
• Commitment to challenging the status quo and promoting positive change
• Experience working in a global environment

Skills:

• Customer and Client Focus

• Interpret Relevant Laws, Rules, and Regulations

• Policies, Procedures, and Guidelines

• Problem Solving

• Quality Assurance

• Business Acumen

• Controls Management

• Innovative Thinking

• Process Management

• Stakeholder Management

• Business Process Analysis

• Data Governance

• Data Privacy and Protection

• Data and Trend Analysis

• Risk Analytics

This job is responsible for leading evaluations of cyber security threats and enhancing defensive capabilities to reduce the bank's risk of exposure. Key responsibilities include conducting analyses of the threat environment and threats to the bank, including post incident analysis, applying a multi-faceted situational awareness of cyber security process to protect against threats, and implementing proactive defensive actions for the security, continuity, and confidentiality of information.

Key Responsibilities
• Control Ownership & Governance:
• Own and manage malware controls related to cloud and mobile platforms. Ensure controls are effective, measurable, and aligned with enterprise risk tolerance.
• Threat Management & Response:
• Collaborate with incident response teams to triage and respond to malware threats targeting cloud and mobile environments. Support post-incident reviews and drive improvements.
• Technology Risk Oversight:
• Identify and assess risks associated with cloud and mobile malware threats. Partner with risk and oversight teams to implement mitigation strategies.
• Operational Integration:
• Work across operational teams to integrate malware controls into existing workflows and technologies. Ensure seamless execution and reporting of control effectiveness.
• Metrics & Reporting:
• Develop and maintain operational metrics and dashboards to track control performance. Provide regular updates to leadership and stakeholders.
• Collaboration & Communication:
• Engage with cross-functional teams including GIS, cloud engineering, mobile development, and enterprise risk. Communicate technical findings and strategic recommendations clearly to both technical and non-technical audiences.
• Continuous Improvement:
• Stay current with emerging malware tactics targeting cloud and mobile platforms. Lead initiatives to enhance detection, prevention, and response capabilities.

Minimum 5 Years of Experience

• 5+ years of experience in malware analysis and incident response, with a focus on cloud and/or mobile platforms.
• Strong understanding of cloud service provider security models (AWS, Azure, GCP).
• Experience with mobile malware analysis (Android/iOS), including static and dynamic techniques.
• Familiarity with cloud-native security tools and mobile threat defense platforms.
• Ability to assess malware threats and extract Indicators of Compromise (IoCs).
• Strong documentation and reporting skills.
• Experience working in large enterprise environments with cross-functional teams.

Desired Qualifications
• Experience with sandbox technologies and virtualized analysis environments.
• Knowledge of mobile app reverse engineering tools (e.g., JADX, Frida, MobSF).
• Familiarity with cloud logging and monitoring tools (e.g., CloudTrail, Azure Monitor).
• Experience with SIEM platforms and event correlation.
• Knowledge of forensic artifacts in cloud and mobile environments.
• Experience with mobile security products like Lookout, CrowdStrike Mobile
• Experience with Microsoft Defender, Microsoft Sentinel, AWS Guard Duty, Google Cloud Security Center)

Certifications (Desired but not Required)
• CCSP, CCSK, GPCS, GMOB, GCIH, GREM, GCFA, GCFE, CISSP, or equivalent certifications.

Skills:

• Cyber Security

• Data Privacy and Protection

• Problem Solving

• Process Management

• Threat Analysis

• Access and Identity Management

• Business Acumen

• Interpret Relevant Laws, Rules, and Regulations

• Risk Analytics

• Stakeholder Management

• Data Governance

• Data and Trend Analysis

• Incident Management

• Information Systems Management

• Technology System Assessment

Job Description:

The Critical Application Monitoring Control Specialist role will execute against the Cyber Security Application Monitoring strategy by building detection use case parameters for critical applications. To succeed in this role, you should have enterprise level experience translating business requirements into technical requirements, worked with Splunk and/or other logging technologies, and be able to discuss Cyber Security detections with Application Managers.

You should also possess strong written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.

Technical skills required include but not limited to:
• Enterprise Business Analysis
• Information Security Controls
• Enterprise Risk Management
• Application Security
• Splunk and/or other logging technologies
• Ability to read, understand and interpret application logs

Required Qualifications:
• Minimum of 5 years of enterprise IT or Cybersecurity (preferred) experience
• Previous information technology/application oversight/logging and monitoring experience
• Ability to work both independently as well as part of a team
• Ability to plan, execute and document assessment activities following established processes and procedures

Skills:

• Customer and Client Focus

• Interpret Relevant Laws, Rules, and Regulations

• Policies, Procedures, and Guidelines

• Problem Solving

• Quality Assurance

• Business Acumen

• Controls Management

• Innovative Thinking

• Process Management

• Stakeholder Management

• Business Process Analysis

• Data Governance

• Data Privacy and Protection

• Data and Trend Analysis

• Risk Analytics

Job Description:

Role requires 3 years of experience.

Job Responsibilities:
• Identify vulnerabilities and misconfigurations across the Azure platform, resources, and workloads.
• Maintain cloud security posture management (CSPM) and vulnerability management tools such as Defender, Wiz, Qualys, CrowdStrike.
• Develop automated detection and monitoring for insecure configurations, excessive permissions, and non-compliant deployments.
• Partner with engineering, DevOps, and application teams to provide remediation guidance and drive secure by design solutions.
• Triage and report vulnerabilities with risk ratings to ensure timely remediation.
• Research and stay ahead of emerging cloud threats, vulnerabilities, and industry best practices.
• Contribute to cloud security standards, baselines, and playbooks to improve enterprise-wide security posture.
• Support governance, risk, and compliance requirements by ensuring alignments with regulatory and internal policy standards.
• Drive Cloud Security solutions in alignment with the Bank’s cloud strategy and in accordance with security best practices.
• Develops strong partnerships by demonstrating operational expertise as a subject matter expert.

Required Qualifications
• Experience with Microsoft Azure native services, tools, and architecture.
• Understanding of cloud security principles and practice
• Working knowledge of cloud threat landscape
• Technical experience in infrastructure and/or security functions
• Understanding of DevSecOps and CI/CD pipeline integration through security engineering lifecycles.
• Understanding of Threat modeling and frameworks
• Understanding of vulnerability management and scanning tools
• Experience in project management
• Well-developed analytic, qualitative, and quantitative reasoning skills with a demonstrated creative problem-solving ability.
• Ability to work independently with little oversight on complex initiatives.
• Extremely motivated, hungry to learn
• Ability to communicate complex concepts to all levels of understanding and technical ability.

Desired Qualifications
• CISSP/CCSP/CISM
• Cloud specific Security certifications such as SANS/GIAC
• Vendor specific and relevant certifications – AZ-500, SC-200, AZ-204, CKA, CKS, RHCE, etc
• Bachelors degree in a technical field

Job Description:

This role requires 3 years of experience.

Job Responsibilities:
• Identify vulnerabilities and misconfigurations across the AWS platform, resources, and workloads.
• Maintain cloud security posture management (CSPM) and vulnerability management tools such as Inspector, Wiz, Qualys, CrowdStrike.
• Develop automated detection and monitoring for insecure configurations, excessive permissions, and non-compliant deployments.
• Partner with engineering, DevOps, and application teams to provide remediation guidance and drive secure by design solutions.
• Triage and report vulnerabilities with risk ratings to ensure timely remediation.
• Research and stay ahead of emerging cloud threats, vulnerabilities, and industry best practices.
• Contribute to cloud security standards, baselines, and playbooks to improve enterprise-wide security posture.
• Support governance, risk, and compliance requirements by ensuring alignments with regulatory and internal policy standards.
• Drive Cloud Security solutions in alignment with the Bank’s cloud strategy and in accordance with security best practices.
• Develops strong partnerships by demonstrating operational expertise as a subject matter expert.

Required Qualifications:
• Experience with AWS native services, tools, and architecture.
• Understanding of cloud security principles and practice
• Working knowledge of cloud threat landscape
• Technical experience in infrastructure and/or security functions
• Understanding of DevSecOps and CI/CD pipeline integration through security engineering lifecycles.
• Understanding of Threat modeling and frameworks
• Understanding of vulnerability management and scanning tools
• Experience in project management
• Well-developed analytic, qualitative, and quantitative reasoning skills with a demonstrated creative problem-solving ability.
• Ability to work independently with little oversight on complex initiatives.
• Extremely motivated, hungry to learn
• Ability to communicate complex concepts to all levels of understanding and technical ability.

Desired Qualifications
• CISSP/CCSP/CISM
• Cloud specific Security certifications such as SANS/GIAC
• Vendor specific and relevant certifications – AZ-500, SC-200, AZ-204, CKA, CKS, RHCE, etc.
• Bachelors degree in a technical field

Job Description:

Job Description:

This role is responsible for completing and tracking compliance deliverables to ensure applications adhere to applicable policies and standards as well as local laws, rules and regulations (LRR). Key responsibilities include completing administrative and non-technical tasks related to compliance deliverables and infrastructure requests for the applications they support. They support vendors, development teams and technology managers to ensure technical security, risk, and other compliance activities are completed on-time and per requirements. These individuals partner closely with control functions, risk management and Global Information Security (GIS) and are familiar with the applicable policies, standards, LRRs, contacts and procedures so that the compliance deliverables are completed effectively and efficiently.

Key Responsibilities:

• Ensure that risk, security, and other compliance deliverables are completed on time and per requirements for the applications they support.
• Complete administrative and non-technical tasks related to compliance deliverables (for example: access reviews, assessments, questionnaires, procedural requirements, etc.).
• Assist with audit exams and risk assessments for the applications.
• Track and support the technical security and risk activities performed by the development teams (for example: remediation of non-permitted technology or security vulnerabilities, technical recovery planning, disaster recovery exercises, etc.).
• Maintain data about the application in AppHQ and other systems of record.
• Work closely with vendors for vendor applications to ensure the application meets bank requirements.
• Assist with ad hoc inquiries and questions about the application.
• Interface with technology infrastructure teams for infrastructure requirements like requests for additional storage.

Required Qualifications

• 2+ years of experience working in regulated environment.
• Basic understanding of technology, Intellectually curious and eager to learn.
• Exceptional communication and interpersonal skills, with the ability to understand complex technical concepts.
• Strong analytical and problem-solving skills to make informed decisions, prioritize effectively.
• Detail-oriented mindset, time management and strategic planning to successfully meet aggressive deadlines.
• The ability to handle stressful situations.

Skills:

• Collaboration
• Risk Management
• Analytical Thinking
• Data Management
• Solution Delivery Process
• Agile Practices
• Automation
• Result Orientation
• Solution Design
• Test Engineering
• Application Development
• Architecture