דרושים Merger Acquisition Security Integration Engineer ב-Bank Of America ב-United States, Chicago

Job Description:

The Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Front Line Units (FLU) / CIO executives. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies and controls.Scale/Scope
• Contribute to the ongoing information security initiatives and improvements development, implementation and maintenance of information security for FLU/Ops
• Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for FLU/Ops
• Aligned to Fraud Authentication , Financial Center, and Automated Teller Machines channel segments to drive a security strategy and to ensure appropriate security by design requirements execution
• Provides guidance and advocacy regarding the prioritization of investments that impact information security
• Advises management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs
• Monitors information security trends internal and external to the bank and keeps leadership informed
• Manages quality control and reporting
• Ensures compliance with policies and lawsRequired Skills
• Information Security & Technology professional with 10+ years’ experience
• 7+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations
• Subject matter expertise in application security, vulnerability testing and development of risk appetite
• Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)
• Experience evaluating third party information security control and providing guidance to reduce risk on identify observations
• Experience with information security for No SQL, Big Data , and unstructured data stores (Cassandra, Hadoop, and /or Teradata)
• Knowledge in Windows, Midrange and Mainframe Platforms with emphasis on security application security controls
• Exceptional executive presentation and communication skills
• Excellent influencing and problem resolution skills
• Advises LOB management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs
• Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
• Strong leadership skills and qualities which enable you to work with peers and various levels of managementDesired Skills:
• Bachelors and/or Master’s degree in Computer Science, Information Technology or related field
• Experience working on cloud control assessment in Microsoft Azure, Amazon Web Services and Google Cloud Platform environments

Risk Management
• Drives GIS/FLU/Ops risk deliverables
• Collaborates with risk partners on info security critical priorities
• Participates in senior FLU/Ops specific Risk Management & Business Continuity Routines
• Identifies and measures global information security (GIS) controls on most critical business processes or channelsLeadership/Strategy
• Ability to build strong Partner relationships with peer technology groups and supported FLU/Ops
• Supports the triage process with the client and helps them understand the GIS support structure
• Drives required risk culture and partnership with peer technology teams and supported FLU/Ops
• Participates in key operating routines to drive information security risk strategy

Job Description:

Job Description:

The Information Security Transformation Lead willdrivethe design, integration, and execution of enterprise-wide transformation initiatives to strengthen data protection and data security capabilities within the Data Loss Prevention (DLP) organization. The role spans all DLP channels — endpoint, network, cloud, email, internet, and data at rest — ensuring the program evolves to meet advanced threats, regulatory requirements, and strategic business needs.

This highly technical position demands deep expertise in information security architecture, engineering, and threat detection with a proven track record in implementing modern, scalable, and secure data protection capabilities. The Transformation Lead serves as the strategic and technical lead for DLP transformation, ensuring the DLP organization delivers best-in-class data protection capabilities across all channels.

Key Responsibilities

• Own the DLP transformation roadmap for data protection and data security across all channels, aligning with enterprise information security architecture and DLP strategy.
• Conduct deep technical assessments of DLP and adjacent security capabilities, identifying architecture, tooling, and process gaps.
• Partner with control owners to develop functional and non-functional requirements for new capabilities, ensuring alignment to threat models and compliance requirements.
• Architect and guide the delivery of integrated data protection solutions, incorporating DLP tooling, encryption, cloud-native controls, and internet security capabilities.
• Develop and maintain threat models for data exfiltration and insider threat scenarios, mapping to frameworks such as MITRE ATT&CK.
• Oversee technical design for secure internet traffic inspection, advanced policy enforcement, and automation for faster detection and response.
• Ensure all transformation efforts meet regulatory, audit, and security policy standards (e.g., NIST 800-53, FFIEC, GDPR, CCPA).
• Act as a trusted advisor to GIS, CTO, and enterprise stakeholders on advanced data protection strategies and engineering practices.
• Provide clear executive-level reporting on transformation progress, security posture improvements, and program maturity.

Required Qualifications

• Minimum of 7 years of information security expertise in architecture, engineering, and operations, with focus areas in:
  • DLP across endpoint, network, email, cloud, and data at rest
  • Internet protocols, proxy and gateway security, firewall policy design
  • Cloud security architectures and SaaS data protection
  • Encryption, key management, and secure data handling
• Proven experience integrating data protection solutions with SIEM, SOAR, CASB, EDR/XDR, IAM, and secure web gateways.
• Strong capability in threat modeling and translating results into security architecture changes.
• Understanding of regulatory and industry standards for high-risk data in financial services and other regulated environments.
• Ability to lead technical design reviews and challenge architectural decisions to ensure security-by-design.
• Exceptional relationship management and influence skills across complex, global organizations.

Desired Qualifications

• Security certifications such as CISSP, CCSP, CISM, or GIAC.
• Automation and scripting skills (Python, PowerShell, etc.).
• Experience in AI-assisted anomaly detection for data security.
• Background in financial services or similarly regulated industries.

Skills:

• Cyber Security
• Data Privacy and Protection
• Problem Solving
• Process Management
• Threat Analysis
• Access and Identity Management
• Business Acumen
• Interpret Relevant Laws, Rules, and Regulations
• Risk Analytics
• Stakeholder Management
• Data Governance
• Data and Trend Analysis
• Incident Management
• Information Systems Management
• Technology System Assessment

Job Description:

This job is responsible for defining and leading the engineering approach across end-to-end technology stacks. Key responsibilities include leading teams to deliver design solutions, engaging in development environments to identify and improve performance/capacity issues, and ensuring system design solutions comply with enterprise standards. Job expectations include demonstrating technical expertise within domains, decomposing objectives into work units, advancing efficient solution delivery practices, and promoting exceptional design, engineering and organizational practices.

Service Design & Deliveryengineer oversees delivery of collaboration and productivity solutions at the bank, for example M365 product suite, voice, and video solutions.) The role requires technical knowledge and process expertise to examine what’s needed to introduce or the bank’s collaboration and productivity service. The goal is ensuring programs and/or projects are delivered end-to-end (design, build, operate) with high quality, focus on user experience, proper processes, and required security and compliance controls based on collaboration with bank’s teams.

Responsibilities:

• Ensures that execution aligns with product strategy by working with product management, product owners, and other stakeholders, contributing to the technology strategy for their technical domain
• Mentors and guides Solution Engineer resources and more junior engineers on performance evaluation and validation methods and tools ensuring system design technology solutions comply with enterprise system design and engineering standards
• Participates in solution-driven discussions, such as various Communities of Practice (COPs), contributes to the design of large or highly complex architectural designs, and finds creative solutions through their knowledge of the domain and operational constraints
• Collaborates with Development and Infrastructure teams to understand technical solutions and provide the performance capabilities required in the application across the technology stacks provided by peer Engineering Leads
• Manage overall program execution and program health inclusive of tasks, risks, dependencies, and impediments.
• Accountable for end-to-end plan ensuring delivery by expected date.
• Collaborate with cross-functional teams to identify and prioritize dependent tasks, track open deliverables to closure.
• Engage and support bank and vendor teams to define critical tasks and inter-dependencies needed to deliver.
• Track watch items, issues, and risks with corresponding mitigation plans for disposition before implementation.
• Track user experience testing and document results, if required.
• Manage user migration, communication, and training for programs as required.
• Drive development of service management measures and KPIs as required.
• As needed, document improvement plans over the course of delivery.
• Prepare briefing notes, reports, program updates, and action plans for Senior Management

Required Qualifications:

• Demonstrated experience delivering M365 or Regulated Messaging Services preferred, or equivalent technical projects.
• Ability to work well with other bank team members to deliver on their tasks.
• Strong communication (written and spoken skills).
• Expert organizational skills and analytical skills.
• Effective attention to detail and ability to determine course of action as required.
• Ability to learn bank’s system and tollgates needed to perform role; knowledge of Jira preferred.
• Interact effectively with teams, internal customers, and leadership as needed.
• Handle multiple projects simultaneously.
• Proficiency in Microsoft Office Suite and advanced proficiency with Microsoft Visio
• 7-10 years’ experience working on technology initiatives.
• Bachelor’s degree preferred.

Skills:

• Analytical Thinking
• Collaboration
• Innovative Thinking
• Solution Delivery Process
• Solution Design
• Architecture
• Automation
• Influence
• Risk Management
• Technical Strategy Development
• Adaptability
• Application Development
• Business Acumen
• DevOps Practices
• Production Support

Job Description:

Job Description:
This job is responsible for developing and delivering complex requirements to accomplish business goals. Key responsibilities of the job include ensuring that software is developed to meet functional, non-functional and compliance requirements, coding solutions, unit testing, and ensuring the solution can be integrated successfully into the overall application/system with clear, robust, and well-tested interfaces. Job expectations include an awareness of development and testing practices in the industry.

Software Engineer to work on maintaining and enhancing Python based FX execution app suite and develop, test and deliver complex software requirements to accomplish business goals.

Responsibilities:

• Codes solutions and unit test to deliver a requirement/story per the defined acceptance criteria and compliance requirements

• Utilizes multiple architectural components (across data, application, business) in design and development of client requirements

• Performs Continuous Integration and Continuous Development (CI-CD) activities

• Contributes to story refinement and definition of requirements

• Participates in estimating work necessary to realize a story/requirement through the delivery lifecycle

• Contributes to existing test suites (integration, regression, performance), analyze test reports, identify any test issues/errors, and triage the underlying cause

• Performs spike/proof of concept as necessary to mitigate risk or implement new ideas

Required Qualifications

• Exceptional development skills in Core Python on Linux/UNIX

• Knowledge or experience of agile development (e.g., XP, SCRUM, Kanban) and continues integration.

• Experience with Python performance tuning

• Solid OO design skills with an emphasis on distributed low latency, high availability systems

• Excellent problem solving and analytical skills in a high-pressure environment.

• Strong understanding of algorithms and data structures

• Strong understanding of design patterns including why and where a pattern should be used.

• Strong understanding of Messaging Middleware concepts, usage, and application

• Develop code solutions and unit tests, ensuring integration with the overall system through clear, robust, and well-tested interfaces.

• Participate in team estimation of work required for story delivery.

• Python development skills

• KDB/Q development skills

Desired Qualifications

• Experience with Quartz bank systems

• Experience with Python data analysis packages

• Contribute to story refinement and requirements definition.

• Experience working with global development teams.

• Experience working in a front office e-trading platform development team.

• Experience with Python quantitative packages

• Participate in delivery and release events, including CI/CD activities such as branching, pull requests, issue triage, conflict resolution, and release notes.

• Adhere to team processes and cadence for code deployment and release.

Skills:

• Application Development

• Automation

• Collaboration

• DevOps Practices

• Solution Design

• Agile Practices

• Architecture

• Result Orientation

• Solution Delivery Process

• User Experience Design

• Analytical Thinking

• Data Management

• Risk Management

• Technical Strategy Development

• Test Engineering

• Leads cybersecurity risk assessments of Generative AI use cases, including assessment of the inherent risk and control effectiveness
• Guides business leaders and technology organizations on initiatives requiring Global Information Security engagement and/or manage problem resolution on cyber security related issues
• Serves as a common risk control partner to identify emerging security risks in the portfolio
• Drives adherence and appropriate risk tolerance levels, operating in accordance with the information security policies defined to protect against threats to data confidentiality, integrity, and availability
• Promotes awareness of current and emerging cybersecurity threats and advise on potential information security exposure
• Facilitates risk reviews across logical and physical boundaries to identify gaps and recommend secure designs
• Interprets the information security requirements outlined in policy, standards and procedures as well as reinforces requirements through education and awareness
• Leads as a "security ambassador" to help business leaders drive strategic and innovative risk mitigation priorities and navigate the Global Information Security organization

• 8+ years of experience in cybersecurity, with at least 2 years focused on cyber assessment of Artificial Intelligence or Machine Learning systems
• A deep understanding of Generative AI/Large Language Models and assessment frameworks including MITRE ATLAS, OWASP Top 10 for LLM and GenAI, and NIST AI RMF
• In-depth knowledge of cybersecurity threats, controls and technologies, with a deep understanding/experience with software developer experiences to bridge the gap between the theoretical and practical application
• Ability to apply knowledge of internal and external information vulnerabilities to evaluate the degree of threat to an information system and answer tactical questions about current operations, predict future behavior or recommend appropriate mitigation countermeasures
• Ability to manage and design controls that may contribute to a remediation plan developed to address policy, technology, environmental, and/or operational gaps
• Ability to bring multiple stakeholders together, including senior business and technology leaders, and cut to the heart of issues to reach consensus
• Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input, and when to act independently
• Bias for action and a commitment to build partnerships in a dynamic risk & threat driven environment
• Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties
• Ability to identify, measure, monitor, and control risk as part of daily business activities, with a focus on specific risk types (e.g., Strategic, Credit, Market, Liquidity, Operational, Compliance, Reputational)
• Ability to design, architect, analyze, support, and secure cloud-based workloads
• Excellent communication, influencing and facilitation skills

Job Description:

Role requires 3 years of experience.

Job Responsibilities:
• Identify vulnerabilities and misconfigurations across the Azure platform, resources, and workloads.
• Maintain cloud security posture management (CSPM) and vulnerability management tools such as Defender, Wiz, Qualys, CrowdStrike.
• Develop automated detection and monitoring for insecure configurations, excessive permissions, and non-compliant deployments.
• Partner with engineering, DevOps, and application teams to provide remediation guidance and drive secure by design solutions.
• Triage and report vulnerabilities with risk ratings to ensure timely remediation.
• Research and stay ahead of emerging cloud threats, vulnerabilities, and industry best practices.
• Contribute to cloud security standards, baselines, and playbooks to improve enterprise-wide security posture.
• Support governance, risk, and compliance requirements by ensuring alignments with regulatory and internal policy standards.
• Drive Cloud Security solutions in alignment with the Bank’s cloud strategy and in accordance with security best practices.
• Develops strong partnerships by demonstrating operational expertise as a subject matter expert.

Required Qualifications
• Experience with Microsoft Azure native services, tools, and architecture.
• Understanding of cloud security principles and practice
• Working knowledge of cloud threat landscape
• Technical experience in infrastructure and/or security functions
• Understanding of DevSecOps and CI/CD pipeline integration through security engineering lifecycles.
• Understanding of Threat modeling and frameworks
• Understanding of vulnerability management and scanning tools
• Experience in project management
• Well-developed analytic, qualitative, and quantitative reasoning skills with a demonstrated creative problem-solving ability.
• Ability to work independently with little oversight on complex initiatives.
• Extremely motivated, hungry to learn
• Ability to communicate complex concepts to all levels of understanding and technical ability.

Desired Qualifications
• CISSP/CCSP/CISM
• Cloud specific Security certifications such as SANS/GIAC
• Vendor specific and relevant certifications – AZ-500, SC-200, AZ-204, CKA, CKS, RHCE, etc
• Bachelors degree in a technical field