Information Security Operations Business Control Specialist jobs at Bank Of America in United States, Chicago

Job Description:

This job requires partnership with business function leaders, operations process owners and subject matter experts (SMEs), to provide an end to-end view of their processes, analyze impacts and data, and contribute to the optimization of the organization through data accuracy and completeness.

Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to validate indicative data alignment to processes and controls to requirements.
Job expectations include using data analytics, identifying gaps in coverage and data inaccuracies, and support remediation activities.

At least 3 years of related experience required.

Responsibilities:
• Manage the process inventory, reflecting accurate information that supports effective decision making, and ensuring compliance to enterprise policy and standard requirements
• Ensures process information meet enterprise standards, adhere to applicable rules, laws, and regulations, and comply with appropriate treatment of risk
• Identifies information security gaps and remediation strategies
• Process analysis to improve data accuracy and completeness
• Process improvements based on enterprise and Global Technology guidelines, organization maturity, challenges and issue remediation
• Provide end-to-end high-quality view of processes within business functions with proper identification of hand-offs and process connectors
• Support the organization’s short-and-long term strategy
• Supports a strategy of continuous improvement and acts as liaison with Global Technology and Enterprise Process Management teams
• Prepare presentations and process overview utilizing models and complementary data to assist leaders in process re-engineering activities
• Partner with stakeholders to ensure the inventory aligns to GIS policy and standard requirements in support of adherence monitoring

Required Qualifications:
• Prior related experience or business exposure desired and strong delivery mindset
• Analytical and design-oriented mindset
• Data analytics and Problem Solving
• Data driven and Trend Analysis
• Delivery Excellence
• Strong presentation skills
• Excels in working among diverse viewpoints to determine the best path forward
• Excellent verbal and communications skills
• Quality Assurance
• Innovative and Critical thinking skills – ability to assess quantitative and qualitative data to identify key themes that require deeper analysis and assessmentOther Qualifications/Desired Skills:
• Ability to identify opportunities from a process efficiency perspective and continuously challenge current state of GIS processes
• Prior experience in Information Security desirable
• Preferred process improvement and Operational Excellence exposure
• Ability to understand new technologies, intellectually curious
• Commitment to challenging the status quo and promoting positive change
• Experience working in a global environment

Skills:

• Customer and Client Focus

• Interpret Relevant Laws, Rules, and Regulations

• Policies, Procedures, and Guidelines

• Problem Solving

• Quality Assurance

• Business Acumen

• Controls Management

• Innovative Thinking

• Process Management

• Stakeholder Management

• Business Process Analysis

• Data Governance

• Data Privacy and Protection

• Data and Trend Analysis

• Risk Analytics

Responsibilities:

Developing a comprehensive and in-depth understanding of the Bank of America Private Bank portfolio construction process with respect to alternative investments, including hedge funds, private equity, and real assets.

• Creating and executing a business strategy that allows the candidate to work independently in the territory alongside local Private Bank market leadership. The business strategy will also include working closely with other members of the Alternative Investments Sales Team, home office leadership, and select third-party product partners to cultivate and grow future Alts business prospects.
• Providing proactive and solutions-oriented feedback based on interactions with internal operations, marketing, product origination, risk, legal and compliance partners to enhance the overall client and PM experience.
• Staying current on trends impacting both the broader financial markets and alternative investment strategies in order to educate our clients and Private Bank PMs on underlying manager performance attribution and the importance of diversification.

Qualifications:

• 8+ years of financial services product and/or sales experience
• Knowledge of alternative investment products
• Travel throughout coverage area (3-4 days a week)
• Strong oral and written communication skills
• Self-motivated individual with a passion for alternative investments
• Undergraduate degree in Finance, Marketing or Business Administration (CFA, CAIA or MBA a plus) is preferred
• Series 7 & 66 preferred at time of hire or must be able to obtain within 120 days of start date

Skills:

• Client Management
• Client Solutions Advisory
• Customer and Client Focus
• Pipeline Management
• Relationship Building
• Collaboration
• Presentation Skills
• Prospecting
• Referral Management
• Wealth Planning
• Referral Identification

Job Description:

Job Description:

Role Responsibilities:

• Develop and execute a comprehensive strategy for integrating AI into Cyber Threat Defense operations.
• Build and lead a team of AI engineers, data scientists, and security professionals focused on applying AI to threat detection, response automation, and adversarial simulation.
• Partner with GIS operational and technical teams to identify opportunities for AI-driven enhancements to security controls and architecture.
• Lead the design and deployment of AI-powered tools for threat hunting, anomaly detection, and automated incident response.
• Oversee the development and operationalization of custom ML/LLM models tailored to cybersecurity use cases.
• Guide architectural transformations to support scalable AI integration across the enterprise.
• Serve as a thought leader and subject matter expert on AI in cybersecurity, advising senior leadership and influencing enterprise-wide strategy.
• Ensure responsible and ethical use of AI in security operations, including model governance, bias mitigation, and explainability.
• Collaborate with offensive security teams to develop AI-enhanced red teaming and adversarial emulation capabilities.
• Drive innovation in proactive defense mechanisms using predictive analytics and autonomous threat response.

Required Qualifications

• Proven leadership in building and managing AI-focused cybersecurity teams.
• 7+ years of hands on experience in cybersecurity, specifically in Offensive Security or Threat Defense Operations.
• Hands-on experience building agentic AI systems, LLMs, and custom ML model development.
• Strong understanding of offensive security tactics and how AI can enhance red teaming, attack path mapping, and threat modeling.
• Experience leading large-scale technical projects involving security data pipelines, model deployment, and automation.
• Deep knowledge of cyber threat actor behaviors, attack vectors, and defensive countermeasures.
• Ability to translate complex technical concepts into actionable strategies for senior executives.
• Familiarity with AI governance, model risk management, and regulatory considerations in financial services.
• Demonstrated ability to drive consensus across diverse stakeholders and influence enterprise-wide initiatives.
• Strong communication and presentation skills, especially in executive and cross-functional settings.

Desired Qualifications

• Experience with enterprise cloud AI development platforms such as Azure AI Foundry, AWS Bedrock, or GCP Vertex
• Experience with AI-enhanced SOAR (Security Orchestration, Automation, and Response) platforms.
• Experience with modern data platforms, cloud-native architectures
• Familiarity with adversarial machine learning and AI security risks.
• Background in data engineering, feature engineering, and model lifecycle management.
• Prior work in regulated industries with a focus on compliance and risk mitigation.

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

Job Description:

We are seeking a highly skilled and experienced Senior Security Automation Engineer to lead the design, implementation, and optimization of security automation workflows using the Tines platform. This role requires deep technical expertise in security orchestration, cloud architecture, and API integrations, as well as experience working closely with Security Operations Centers (SOC), Incident Response (IR) teams, and cross-functional stakeholders. The ideal candidate will bring a strong security engineering background, hands-on experience with modern automation platforms, and a strategic mindset to drive scalable and secure automation initiatives.

Key Responsibilities
• Architect, implement, and maintain advanced automation workflows using Tines.
• Collaborate with SOC and IR teams to identify high-impact use cases for automation.
• Integrate Tines with enterprise systems including EDR, SIEM, threat intelligence platforms, and cloud services.
• Lead secure integration of Tines with SSO, credential vaults, and external repositories.
• Design and configure secure connectivity solutions (e.g., Cloudflare tunnels, VPNs) for hybrid environments.
• Develop and maintain orchestration stories across platforms such as:
• CrowdStrike, Tanium, Splunk, Anvilogic, ThreatQ, AWS, and Azure.
• Write, test, and debug Python-based automation logic.
• Analyze Tines logs and metrics to optimize performance and reliability.
• Create and maintain technical documentation, runbooks, and architectural diagrams.
• Engage with stakeholders across security, infrastructure, and application teams to gather requirements and align automation efforts with business goals.
• Ensure all automation workflows adhere to enterprise security policies and change management processes.

Minimum Years of Experience 8

Required Qualifications
• 8+ years of experience in cybersecurity, with at least 3+ years in a security automation or engineering role.
• Proven experience working with SOC and/or Incident Response teams to operationalize automation.
• Hands-on experience with Tines or similar SOAR platforms (e.g., Splunk SOAR, Palo Alto XSOAR).
• Strong programming skills in Python; experience with Git and CI/CD pipelines.
• Deep understanding of REST APIs, webhooks, and secure API integrations.
• Experience with cloud platforms (AWS, Azure, or GCP), including automation and security architecture.
• Familiarity with AI/ML integrations (e.g., AWS Bedrock, OpenAI APIs) is a plus.
• Experience configuring secure tunnels (e.g., Cloudflare, SSH, VPN) for hybrid environments.
• Strong knowledge of security frameworks and best practices (e.g., NIST, MITRE ATT&CK).
• Excellent communication skills and ability to translate technical concepts for non-technical stakeholders.
• Experience with Agile/Scrum methodologies and tools like Jira and Confluence.

Desired Qualifications
• CISSP, GIAC, or equivalent security certification.
• Tines certifications (both entry-level and advanced preferred).
• AWS Certified Security – Specialty or equivalent cloud security certification.

Skills:

• Automation

• Influence

• Result Orientation

• Stakeholder Management

• Technical Strategy Development

• Application Development

• Architecture

• Business Acumen

• Risk Management

• Solution Design

• Agile Practices

• Analytical Thinking

• Collaboration

• Data Management

• Solution Delivery Process

Job Description:

This job is responsible for leading evaluations of cyber security threats and enhancing defensive capabilities to reduce the bank's risk of exposure. Key responsibilities include conducting analyses of the threat environment and threats to the bank, including post incident analysis, applying a multi-faceted situational awareness of cyber security process to protect against threats, and implementing proactive defensive actions for the security, continuity, and confidentiality of information.

Key Responsibilities
• Control Ownership & Governance:
• Own and manage malware controls related to cloud and mobile platforms. Ensure controls are effective, measurable, and aligned with enterprise risk tolerance.
• Threat Management & Response:
• Collaborate with incident response teams to triage and respond to malware threats targeting cloud and mobile environments. Support post-incident reviews and drive improvements.
• Technology Risk Oversight:
• Identify and assess risks associated with cloud and mobile malware threats. Partner with risk and oversight teams to implement mitigation strategies.
• Operational Integration:
• Work across operational teams to integrate malware controls into existing workflows and technologies. Ensure seamless execution and reporting of control effectiveness.
• Metrics & Reporting:
• Develop and maintain operational metrics and dashboards to track control performance. Provide regular updates to leadership and stakeholders.
• Collaboration & Communication:
• Engage with cross-functional teams including GIS, cloud engineering, mobile development, and enterprise risk. Communicate technical findings and strategic recommendations clearly to both technical and non-technical audiences.
• Continuous Improvement:
• Stay current with emerging malware tactics targeting cloud and mobile platforms. Lead initiatives to enhance detection, prevention, and response capabilities.

Minimum 5 Years of Experience

• 5+ years of experience in malware analysis and incident response, with a focus on cloud and/or mobile platforms.
• Strong understanding of cloud service provider security models (AWS, Azure, GCP).
• Experience with mobile malware analysis (Android/iOS), including static and dynamic techniques.
• Familiarity with cloud-native security tools and mobile threat defense platforms.
• Ability to assess malware threats and extract Indicators of Compromise (IoCs).
• Strong documentation and reporting skills.
• Experience working in large enterprise environments with cross-functional teams.

Desired Qualifications
• Experience with sandbox technologies and virtualized analysis environments.
• Knowledge of mobile app reverse engineering tools (e.g., JADX, Frida, MobSF).
• Familiarity with cloud logging and monitoring tools (e.g., CloudTrail, Azure Monitor).
• Experience with SIEM platforms and event correlation.
• Knowledge of forensic artifacts in cloud and mobile environments.
• Experience with mobile security products like Lookout, CrowdStrike Mobile
• Experience with Microsoft Defender, Microsoft Sentinel, AWS Guard Duty, Google Cloud Security Center)

Certifications (Desired but not Required)
• CCSP, CCSK, GPCS, GMOB, GCIH, GREM, GCFA, GCFE, CISSP, or equivalent certifications.

Skills:

• Cyber Security

• Data Privacy and Protection

• Problem Solving

• Process Management

• Threat Analysis

• Access and Identity Management

• Business Acumen

• Interpret Relevant Laws, Rules, and Regulations

• Risk Analytics

• Stakeholder Management

• Data Governance

• Data and Trend Analysis

• Incident Management

• Information Systems Management

• Technology System Assessment