דרושים Assistant Vice President/ President Third ב-Bank Of America ב-Singapore, Singapore

Job Description:

Job Description:
The Third Party Cyber Security Assessor will conduct information security and business continuity assessments of third parties providing services to Bank of America. The assessor will examine a third party's program to determine if they meet the Bank’s requirements, identifying control gaps that may expose the Bank to risks and subsequently work with the third party on all remediation activities.

There will be opportunities to be involved in projects to improve processes & transform the assessment program. This will enable you to leverage and grow your leadership skills as you'll be expose to various internal stakeholders and industry partners.

Responsibilities:

• Manage and execute assessments of third parties providing services to Bank of America.
• Evaluate design and effectiveness of controls implemented by third parties providing services to Bank of America
• Drive remediation of issues identified through the assessments and any subsequent risk conversations with the third parties and other internal stakeholders.
• Interface with external third parties and internal line of business stakeholders to provide consultation on information security topics and build strong working relationships with these parties.
• Partner with regional and global GIS teammates to collaborate on opportunities and to identify, analyze, and resolve complex problems or security gaps.
• Contribute to the development and transformation of the Third Party Cyber Assurance program

Required Skills:

• Previous information technology/security audit/assessment experience preferred.
• Ability to leverage attention to detail and analytical skills.
• Ability to multi-task and work both independently as well as part of an assessment team
• Ability to plan, execute and document assessment and remediation activities following established processes and procedures.
• Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
• Minimally, CISSP and/or CISA certifications are required as well as five to eight years of experience in information security or business continuity.
• Technical skills include the domains of information security and business continuity including:
  • Information Security Controls (Cloud Security, Infrastructure Security, Access Management, Physical Security, Application Security, etc.),
  • IT Compliance, SOX Compliance
  • Change Management
  • Enterprise Risk Management
  • Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards.
• Ability to speak Mandarin and write in Simplified and Traditional Chinese due to interactions with 3rd parties in the Greater China region.
• Must be able to travel up to 25% of the time.
• Experience in Cloud technologies, OSINT and threat modeling will be advantageous.

Job Description:

Job Description:

This job is responsible for being the first point of contact for requests or service failure incidents and maintaining stability for a portfolio of applications. Key responsibilities include documenting or modifying knowledge, performing investigations, identifying incidents, mitigating impacts and engaging in triages, and working with technology teams to identify and resolve issues. Job expectations include following well defined Standard Operating Procedures (SOPs) and partnering with experts to improve service levels by proposing changes to monitoring, alerting, and configuration.

Responsibilities:

• Monitors and supports application components and infrastructure critical to the business, such as relevant technologies and dashboards, responds to alerts regarding production incidents, and resolves issues prior to customer service interruption
• Fulfills requests from users, operations, auditors, and regulators within service level agreements and drives operational excellence through process improvement and monitoring development efforts related to supported technologies
• Onboards monitoring tools and applications in access system(s) of record to research potential production incidents, meet user requirements and service changes, and identify and implement automation opportunities in partnership with architects and engineers
• Communicates status updates and technical details, such as infrastructure, application and client impact, and component points of failure to management, and provides reporting on environment and incident status in operational meetings
• Performs environment routing and cycling, implements splash pages, and liaises with development teams to design and configure auto provisioning, straight thru revocation (STR), and straight thru processing (STP)
• Manages aged revocation monitoring to identify and fix defects in applications and systems of record
• Prepares technical documentation and develops procedures for trouble shooting incidents to identify production failure scenarios, vulnerabilities, and improvement opportunities requiring escalations
• Exercise judgment within broadly defined practices and policies in selecting methods, techniques and evaluation criterion and taking appropriate actions.
• Applies an understanding of the end-to-end infrastructure and how components relate to each other. When triaging an issue to help resolve incidents.
• Applies extensive knowledge of the Mainframe/ iSeries infrastructure and business applications to minimize disruption of services, the delay of deliverables or the recovery of failing components.
• Consistently exhibits self-motivated ability to organize or actively participate in projects that improve the overall ability of the organization to provide effective and efficient services.

Required Skills:

• Has 10+ years of experience with IBM z/OS, workloads and operations.
• Understands the sensitive and critical nature of data processing and service level agreements and be able to proactively contribute to organizational goals and delivery targets.
• Shows the ability to respond to alerts regarding potential production incidents and consistently taking appropriate action.
• Ability to manage multiple priorities in fast-paced environment with flawless execution, working collaboratively with cross-functional, cross-cultural teams.
• Associate is viewed as a subject matter expert in either Mainframe or iSeries Operations functions. While understanding both platforms.
• Exceptional problem-solving and analytical skills, excellent communication and interpersonal skills.
• Exhibits a team-oriented mindset while taking independent action when appropriate. Strong attention to detail and multitasking prowess.
• Perform analysis using monitoring tools and reports to proactively identify and address potential issues prior to production impact. Is advanced in Interpreting monitors and dashboards to identify anomalies in our environments.
• Actively trains junior and mid-level talent and mentors individuals to help with continued growth.
• Represent the team on triage calls. Can lead the call and send management updates if needed.
• Knowledge with ticketing tools such as BMC Remedy or ServiceNow.
• Candidate must be able to work on Sundays to support our weekly Mainframe System Modification Window .

Desired Skills:

Is advanced in:

• Technical experiences include operator level knowledge of JES2 and MVS commands sets and console operations.
• The ability to navigate and provide operator level control over CICS and IMS.
• Knowledge of standard mainframe tools such as: MAINVIEW, Omegamon, Tivoli, SA/Zos, CAO, OPS/MVS, TMON, NETVIEW, TBSM, and HMC
• Strong knowledge of IPL and POR procedures is required.

Responsibilities:

The Identity Defense Specialist will support design efforts to build out new processes, controls, and supporting governance related to implementation of human and non-human account monitoring to protect the Bank. You will utilize in-depth technical knowledge and business requirements to help implement scalable solutions, inclusive of monitoring, alerting, and escalation frameworks focused on core account protections. Leveraging your knowledge of both common and emerging threats related to account take-over, you will have an opportunity to proactively develop, implement, and influence controls and policy within the digital identity domain. You will partner with leaders from line of business organizations to triage security events and report on impacting security incidents.

The Analyst will regularly collaborate with experts in and out of our team, both in country and in other regions, so excellent communication skills are very important. The role will also involve discussion with employees as part of alert analysis and disposition. If you are seeking a demanding role within Global Information Security (GIS) and have the required skills, this will be a great opportunity for you. Typically, applicants should have 3+ years of cybersecurity or engineering experience. Responsibilities include, but are not limited to:

• Actively investigate alerts related to potentially anomalous behavior/activity.
• Confidently and professionally interview/question users to determine or confirm root cause.
• Communicate effectively with response and business partners.
• Build and monitor Splunk alerting and dashboards.
• Identify areas for further process automation, simplification, and improvement.
• Provide status updates for executives and stakeholders in non-technical terms encompassing risk, impact, containment, remediation, etc.
• Risk management.
• Comprehensively document analysis, investigative activities, actions, etc.

Required Skills:

• 3+ years of experience with cloud information security related activities.
• 3+ years of experience in an operations focused cloud information security role.
• Experience conducting analysis/investigation and containment of potential data breaches or cyber security incidents.
• Ability to analyze data and evaluate relevance to a specific incident under investigation.
• Ability to handle multiple competing priorities in a fast-paced environment; ability to be decisive and take action without causing an undue delay.
• Ability to exercise independent judgment when responding to alerts.
• Ability to communicate effectively across all levels of the organization, to both technical and non-technical audiences.
• Familiarity with security vulnerabilities exploits and hacker techniques.
• Familiarity identity management standards, social engineering TTPs, and the incident response lifecycle.
• Familiarity with Splunk, and the ability to build queries, alerts, dashboards, etc.
• Knowledgeable of current authentication-based exploits.
• Proven experience presenting findings via written reports and orally to key stakeholders in clear and concise language.
• Supportive and can work well as part of a team as well as independently.
• Can remain calm under pressure.
• Ability to work in a strong team-orientated environment with a sense of urgency and resilience.
• Critical thinking - must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks while remaining risk and objective focused.

Desired Skills:

Desired Skills/Qualifications/Certifications:

Cloud+; AZ-900 (Azure Fundamentals), AZ-500 (Azure Security Engineer Associate), SC-900 (Security, Compliance and Identity Fundamentals); AWS Certified Security Specialty 2024

Job Description:

Job Description:

It is also the perfect path to a greater understanding of the activities that form part of a Service & Fulfillment and Operations organization, learning the flow all the way from client implementation and onboarding, opening new accounts, to a successful Service experience.

This role offers huge learning opportunities and opens a path into potential new avenues within the Global Banking Operations and the wider organization.

Responsibilities:

• Perform & strengthen Inline controls (ILQA) basis the ILQA script.

• Share QA automation opportunities.

• Complete assigned requests within strict deadlines independently.

• Perform extensive data analysis and deep-dive review to build test script and management reporting.

• Ability to listen and read native languages used in Japan, Korea to review client documentations (preferable).

• Attention to detail, accuracy, and completeness of testing to identify process gaps, exceptions, and process improvement opportunities.

• Support sustainability test for any new and existing audit issues.

• Able to develop comprehensive test scripts and provide training to support new test of controls requirements.

• Actively identify and early escalation of control deficiencies and gaps to discuss with line management, and initiate control recommendations.

• Proactively review internal LOB procedures, test scripts, results communication and reporting to ensure adherence to internal LOB guidelines.

• Exposed to multiple line of businesses (LOBs) to develop understanding of Bank end-to-end processes and business acumen.

• Maintain up-to-date working knowledge of the bank’s client access products/services, payment and trade capabilities, internal operations and local practices.

Skills:

• Minimum 3 years in Risk management and Quality Assurance experience.

• Knowledge of Treasury, Trade, Account opening or similar Banking Operations processes is required.

• Proven Experience in process automation with minimally VBA Macro skills is required.

• Capability to perform extensive data analysis and transform to management reporting.

• Bachelor’s Degree or Equivalent experience.

• Excellent written and verbal presentation and communication skills.

• Excellent project management skills.

This job is responsible for providing analysis for one or more operations product areas in the delivery of moderately complex regulatory reporting and/or regulatory processing. Key responsibilities include analyzing and resolving highly complex operations problems, projects and initiatives, and contributing to the resolution of highly complex problems. Job expectations include coordinating across multiple operations functions and products with the introduction of new initiatives, systems, products, services, and processes.

• Bachelor’s Degree with minimum 5+ years of experience; Professional qualifications (e.g., CA, CFA, CPA) preferred
• Experience in any of the following areas: Operations/Finance/Risk/Compliance
• Strong knowledge of financial markets, banking industry, equities, bonds, currencies, and their derivative products.
• High level understanding of global markets and wealth management business divisions.
• Strong technical and data analytical skills (i.e., Excel, and other similar applications) with experience in analyzing, managing and reporting from large sets of structured data (e.g., books and records data).
• Able to produce accurate work output and reports under tight deadlines
• Communicates effectively in both oral and written formats and tailors message appropriately to audience
• Demonstrated intellectual curiosity and operational excellence experience
• Able to think critically to quickly analyze and resolve issues
• Influences and delivers results through collaborative relationship with key partners and stakeholders
• Works independently to prioritize work and deliver against regulatory deadlines and a dynamic environment
• Able to demonstrate a high level of integrity with a mature approach to work
Desired Skills:

• Audit experience
• Knowledge of key regulatory reporting rules within the region of coverage
• Experience interacting with regulatory agencies and /or reg exams.
• Regulatory reporting experience and/or experience in a global markets regulatory reporting environment or exposure to position/transaction processes/life cycle
• Regulatory reporting experience and/or experience in global banking regulatory reporting environment or exposure to deposit/ liability balance reports, and payment transactions
• Experience in technology implementation projects including involvement in building new or enhancing existing systems to meet complex reporting requirements

Responsibilities:

The Identity Defense Specialist will support design efforts to build out new processes, controls, and supporting governance related to implementation of human and non-human account monitoring to protect the Bank. You will utilize in-depth technical knowledge and business requirements to help implement scalable solutions, inclusive of monitoring, alerting, and escalation frameworks focused on core account protections. Leveraging your knowledge of both common and emerging threats related to account take-over, you will have an opportunity to proactively develop, implement, and influence controls and policy within the digital identity domain. You will partner with leaders from line of business organizations to triage security events and report on impacting security incidents.

The Analyst will regularly collaborate with experts in and out of our team, both in country and in other regions, so excellent communication skills are very important. The role will also involve discussion with employees as part of alert analysis and disposition. If you are seeking a demanding role within Global Information Security (GIS) and have the required skills, this will be a great opportunity for you. Typically, applicants should have 3+ years of cybersecurity or engineering experience. Responsibilities include, but are not limited to:

• Actively investigate alerts related to potentially anomalous behavior/activity.
• Confidently and professionally interview/question users to determine or confirm root cause.
• Communicate effectively with response and business partners.
• Build and monitor Splunk alerting and dashboards.
• Identify areas for further process automation, simplification, and improvement.
• Provide status updates for executives and stakeholders in non-technical terms encompassing risk, impact, containment, remediation, etc.
• Risk management.
• Comprehensively document analysis, investigative activities, actions, etc.

Required Skills:

• 3+ years of experience with cloud information security related activities.
• 3+ years of experience in an operations focused cloud information security role.
• Experience conducting analysis/investigation and containment of potential data breaches or cyber security incidents.
• Ability to analyze data and evaluate relevance to a specific incident under investigation.
• Ability to handle multiple competing priorities in a fast-paced environment; ability to be decisive and take action without causing an undue delay.
• Ability to exercise independent judgment when responding to alerts.
• Ability to communicate effectively across all levels of the organization, to both technical and non-technical audiences.
• Familiarity with security vulnerabilities exploits and hacker techniques.
• Familiarity identity management standards, social engineering TTPs, and the incident response lifecycle.
• Familiarity with Splunk, and the ability to build queries, alerts, dashboards, etc.
• Knowledgeable of current authentication-based exploits.
• Proven experience presenting findings via written reports and orally to key stakeholders in clear and concise language.
• Supportive and can work well as part of a team as well as independently.
• Can remain calm under pressure.
• Ability to work in a strong team-orientated environment with a sense of urgency and resilience.
• Critical thinking - must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks while remaining risk and objective focused.

Desired Skills:

Desired Skills/Qualifications/Certifications:

Cloud+; AZ-900 (Azure Fundamentals), AZ-500 (Azure Security Engineer Associate), SC-900 (Security, Compliance and Identity Fundamentals); AWS Certified Security Specialty 2024

Job Description:

Job Description:

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

What you can expect in Identity & Access Management:

Responsibilities:

What you will do

• Process requisition for Id management account provisioning and deprovisioning.
• Provide L1 & L2 support for the internal resources via chat and mailbox channels as part of the 24x5 support.
• Work well as a team and build relationships to the global partners.
• Excellent organizational skills, with the ability to prioritize workload.
• Ability to multitask and maintain focus on all areas of responsibility concurrently.
• Taking ownership to identify and assess the appropriate outcome for the violation and manage through.
• Plan, manage and execute projects, partnering with line of business.
• Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
• Working in tandem with the global teams to support their initiatives and achieve Global Information Security goals.
• To identify, escalate and debate all risks in line with the bank’s framework.
• By analyzing events/metrics and escalation data, identify patterns and trends on high-risk controls and proactively suggest, develop and implement enhancements to reduce risk.

Required Skills:

Your background

• ID Access Management team (IAM) - Data Engineering and Service Enablement team is part of the Global Information Security team that manages the Bank’s Network accesses and entitlements adhering and adopts to the enterprise policies and standards.
• Possess at least Diploma/ Degree in Information Technology, information security or related field with minimum of 3 years relevant experience.

Required skills:

• Experience in ID Management account provisioning /deprovisioning. Platforms covers; Windows, CyberArk, SailPoint, Access Review and good to have knowledge on UNIX, Mainframe & Midrange.
• Preferably with knowledge in scripting (e.g., PowerShell, Phyton, VBA. JAVA and html) for infrastructure automation.
• Project Management
• Data Analysis (for reporting)
• 2 shifts on rotation (24x5):
• 1st Shift: 7am to 4pm SGT
• 2nd Shift: 8am to 5pm SGT
• Required to attend evening calls during US hours occasionally.
• Rotational weekend standby and public holidays coverage required.