דרושים Sr Information Security Architect ב-Bank Of America ב-United States, Denver

Job Description:

Seeking a detail-oriented and proactive team member to help transform business data into clear, actionable insights. This role is responsible for supporting the creation, improvement, and automation of recurring reports, helping leaders make data-driven decisions. Generally requires 5 years of experience.

Key Responsibilities:
• Maintain and enhance recurring business reports to ensure stakeholders receive accurate and timely insights.
• Streamline and automate reporting processes to improve efficiency and reduce manual effort.
• Collaborate with team members and business partners to understand reporting needs and develop solutions that provide clarity and value.
• Support data organization and visualization efforts to help teams easily access and interpret information.
• Identify opportunities to improve reporting processes and deliver actionable recommendations.

REQUIRED QUALIFICATIONS
•
Experience in Alteryx, Tableau and SharePoint
• Strong attention to detail and organizational skills.
• Ability to work independently while collaborating with multiple stakeholders.
• Comfortable learning and working with tools that help organize, visualize, and automate data (experience with reporting or dashboards is a plus).
• Problem-solving mindset and eagerness to improve processes.

Your work will directly support business decisions by providing timely, clear, and accurate reporting. By improving and automating existing processes, you will help the team work more efficiently and focus on driving results.

This job is responsible for supporting multiple security engineering efforts to deliver enterprise security capabilities. Key responsibilities include serving as a subject matter expert of security technology, overseeing major engineering milestones including the design, development, and implementation of systems, and reporting on key metrics. Job expectations include executing on engineering initiatives, partnering with cross-functional teams, solving complex issues within one or more security domains, and mentoring team members. Experience with host-based security is highly desired.

Responsibilities:

• Serves as a subject matter expert for one or more security engineering initiatives.
• Understands key business drivers for security engineering in regard to host-based security and proposes system designs, proposes implementation.
• Serves as a knowledge base on host-based vulnerabilities root cause, exploitation techniques and potential mitigation mechanism.
• Serves as a subject matter expert with network traffic analysis (layer 7, Layer 3, Layer 4), attack patterns.
• Possesses understanding of Machine Learning Algorithms.
• Possesses understanding of certificate management, widely used encryption algorithms, digital signatures.
• Possesses understanding of data lake tools, common API protocols.
• Drives complex technical information security projects to ensure on-time delivery and identifies and raises risks and potential vulnerabilities at all stages of the security engineering process.
• Leverages broad knowledge of information security technologies, techniques, and processes and prepares to grow knowledge within one or more security-engineering domains.
• Leads the identification, definition, and documentation of system security requirements.
• Leads work efforts with a diverse set of stakeholders with varying priorities to debate and negotiate paths forward.
• Drives the development and execution of test plans to produce quantitative results and thinks outside the box to develop and implement multiple solutions to complex problems.

Required Qualifications:

• 10+ years of Information Security experience in multiple domains.
• 5+ years of experience configuring endpoint security programs, preference for at least 3 years of experience in CrowdStrike Falcon or similar, i.e.: SentinelOne, MS Defender, Trellix or Symantec Endpoint solutions
• Proven track record of deploying, configuring, and tuning enterprise EDRs
• Experience writing and updating queries using CrowdStrike Query Language, Splunk Query Language or similar
• This is an engineering role that requires designing, configuring and maintaining endpoint tools in production.
• This role also requires solid understanding of networking (Firewall, DNS, Proxy, Log Analysis etc.)

Skills:

• Influence
• Result Orientation
• Solution Design
• Stakeholder Management
• Technical Strategy Development
• Access and Identity Management
• Critical Thinking
• Cyber Security
• Information Systems Management
• Risk Management
• Collaboration
• DevOps Practices
• Financial Management
• Solution Delivery Process
• Test Engineering

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Role Description:

As the development lead, you will drive the strategic vision for a multi environment platform that integrates security tools, telemetry, automation, and analytics into a unified experience. You will collaborate closely with SOC analysts, threat hunters, incident responders, and security engineers to ensure that the interface meets operational needs while reducing friction and improving response times.

Skills

• Deep expertise in cybersecurity operations, threat detection, and incident response workflows.
• Proven experience designing and deploying platforms that integrate SIEM, SOAR, TIP, EDR, and cloud-native telemetry
• Strong understanding of federated data access, log normalization, and real-time streaming (e.g., Cribl, Kafka)
• Familiarity with LLM orchestration frameworks (e.g., LangChain, LlamaIndex) and AI/ML-driven analytics
• Experience with advanced SOAR Playbooks and/or AI Agents.
• Experience with data modeling, schema mapping, and field correlation across hybrid/multi-cloud environments
• Strong interpersonal and executive communication skills; ability to translate technical vision into business value
• Demonstrated ability to lead cross-functional teams of engineers, data scientists, and security analysts
• Experience with agile development, DevSecOps, and secure software lifecycle practices
• Experience developing technology for MDR, or other large scale cybersecurity platform software providers.

Roles & Responsibilities

• Partner to lead the development of an AI-augmented threat hunting and security operations platform that unifies telemetry, automation, and analytics
• Architect and oversee the integration of federated data sources across cloud, on-prem, and legacy environments
• Collaborate with cybersecurity teams and engineering teams to define use cases for LLMs in threat detection, log correlation, and contextual enrichment
• Drive the implementation of a modular, scalable platform that supports real-time streaming, historical search, and AI-assisted investigation
• Champion the use of structured data models and field taxonomies (e.g., OCSF, ECS) to enable semantic search and automation
• Integrate LLMs to support use cases such as data cataloging, field mapping, log summarization, and hypothesis-driven hunting
• Establish performance metrics and feedback loops to continuously improve platform usability, detection efficacy, and analyst productivity
• Partner with SOAR teams to develop agent-based playbooks for automated context gathering and response
• Ensure platform security, compliance, and auditability across all integrated components

Required Qualifications:

• 10+ years of experience in cybersecurity engineering, threat detection, or security platform development
• 7+ years of leadership experience managing cross-functional technical teams
• Strong background in building or integrating security data platforms (e.g., Splunk, Elastic, Chronicle, Snowflake, Anvilogic)
• Experience with cloud-native security architectures (AWS, Azure, GCP) and hybrid infrastructure
• Familiarity with LLMs, vector databases, and AI/ML pipelines for security use cases
• Hands-on experience with log streaming, data normalization, and federated search technologies (e.g., Cribl, Trino, Anvilogic)
• Deep understanding of SOC workflows, threat hunting methodologies, and MITRE ATT&CK framework
• Experience with API-based integrations, open-source security tooling, and secure platform design
• Secure Coding experience.

Managerial Responsibilities:
This position may also have responsibilities for managing associates. At Bank of America, all managers at this level demonstrate the following responsibilities, in addition to those specific to the role, listed above.

• Opportunity & Inclusion Champion: Models an inclusive environment for employees and clients, aligned to company Great Place to Work goals.
• Manager of Process & Data: Demonstrates deep process knowledge, operational excellence and innovation through a focus on simplicity, data based decision making and continuous improvement.
• Enterprise Advocate & Communicator: Communicates enterprise decisions, purpose, and results, and connects to team strategy, priorities and contributions.
• Risk Manager: Ensures proper risk discipline, controls and culture are in place to identify, escalate and debate issues.
• People Manager & Coach: Provides inspection, coaching and feedback to motivate, differentiate and improve performance.
• Financial Steward: Actively manages expenses and budgets in alignment with objectives, making sound financial decisions.
• Enterprise Talent Leader: Assesses talent and builds bench strength for roles across the organization.
• Driver of Business Outcomes: Delivers results by effectively prioritizing, inspecting and appropriately delegating team work.

Skills:

• Influence
• Risk Management
• Solution Design
• Stakeholder Management
• Technical Strategy Development
• Analytical Thinking
• Application Development
• Collaboration
• Result Orientation
• Solution Delivery Process
• Agile Practices
• Architecture
• Automation
• Data Management
• DevOps Practices

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

GIS Policy Regulatory Management Specialist represents Global Information Security (GIS) while working with Compliance, Risk, Legal, FLU's and Enterprise functions, consulting on all regulations with Global Information Security applicability. Expected to read published laws rules regulations and guidance’s (LRRGs), understand how they apply to GIS and map them to GIS policy. Maintain the inventory of LRRGs and mappings in the system of record and update the mappings as needed when policy language changes. Must be able to assess regulatory requirements against GIS policy, controls and assessment proof points. Drive action plans to address any regulatory gaps and ensure accurate risk and compliance reporting. Will work closely with subject matter experts including GIS Policy, Risk, Audit, Lines of Business, Legal, Compliance and external regulators as needed.Additional expectations of role:
• Ensure Laws, Rules, Regulations and Guides (LRRGs) in the GIS inventory are mapped to GIS policies and identified gaps are addressed to ensure policy coverage of regulatory requirements, industry standards and best practices.
• Breakdown and map assigned Laws, Rules, Regulations and Guides (LRRGs) to GIS policy requirements
• Raise any identified policy language gaps to be validated and remediated
• Perform Impact Assessments for any GIS policy changes (standards and baselines) to ensure coverage is maintained to aligned LRRGs
• Perform Impact Assessments for GIS Policy Exception Types to ensure a policy violation is not created based on aligned LRRGs
• Maintain accurate data for all LRRGs and GIS policy mappings in the system of records through BAU and QA routines
• Publish routine reports for Regulatory Landscape, metrics, newsletters, etc
• Maintain process documentation and playbooks
• Analytical mindset and teamwork to support and improve the GIS Policy Governance ecosystem.
• Technical and business knowledge to ensure policy language gaps are covered by policy and have aligned controls.
• Result-oriented, business focused, and successful individual to interface across multiple organizational units, at various levels.
• Knowledge/experience/exposure with information security topics, including the design, development, testing, implementation or governance of information security practices and solutions
• Knowledge of access management/risk identification and mitigation/project management skills.

Minimum Years of Experience
5

Required Qualifications:
• Previous experience in Information Technology / Information Security
• Ability to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization
• Strong critical thinking/analytical skills/problem solving/conceptual thinking
• Highly effective written and verbal communication skills.
• Microsoft Office Proficient (Excel, Word, Outlook, Visio, PowerPoint, etc.)
• Ability to communicate complex information in simple terms (oral and written)
• Strong organization skills with the ability to prioritize requests and workload accordingly
• Strong analysis and fact-based decision-making
• Strong leadership skills and qualities which enable you to work with peers and various levels of management
• Proven ability of risk oriented approach and Strong risk management acumen.
• Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
• Ability to work independently on initiatives with little oversight.
• Motivated and willing to learn.
• Quick learner and self-starter

Desired Qualifications
• 5 years of experience operating within an information security environment.
• Bachelor's degree in Information Technology or related field
• Prior Governance, Compliance, and or Audit experience desired.
• Broad awareness of information security operations and/or enterprise information technology (Enterprise data management, application development, network management).
• Familiarity with independent audit, assessment, QA/QC functions desired.
• Leadership competency in geographically diverse matrixed environment.
• Must be comfortable communicating technology impacts and risk to various levels of executive management understanding the need to tailor and deliver appropriate content for given audience.
• Ability to work with Technical and Non Technical business owners
• Experience with Project Management or working with Project Managers

Skills:

• Customer and Client Focus
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Acumen
• Controls Management
• Innovative Thinking
• Process Management
• Stakeholder Management
• Business Process Analysis
• Data Governance
• Data Privacy and Protection
• Data and Trend Analysis
• Risk Analytics

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

Job Description:

Responsibilities:
• Contribute to Cybersecurity initiative portfolio oversight by leading financial routines and maintaining a consolidated view of financial performance
• Develop financial reporting and dashboards for leadership
• Partner with Finance team to plan and manage forecast accuracy
• Work with Program and Project Managers to track and report on financial health of multiple on-going projects

Required Skills:
· 3 to 5 years financial institution experience
· Previous experience with Bank of America tools – PMMT, PPRT and TPAS.
· Proficiency with MS Office, including master Excel skills
· Strong leadership in a matrixed environment
· Strong financial management skills
· Experience with multiple project management methodologies
· Strong communication skills
· Proven ability to prioritize work and meet deadlines
· Analytical mindset and proactive approach to problem identification and solving
· Excellent attention to detail and organizational skills

Desired:
· Understanding of Information Security project portfolios
· Certificate(s) in Cybersecurity
· Bachelor’s Degree in Finance, Accounting, Business or equivalent work experience

Job Description:

Role Description:

The SSD team executes their mission I through by alignment to 3 key areas: securing coding and integration with software development pipelines, performing comprehensive security reviews of applications within the enterprise change toll- gating processes, and early engagement and security consulting on critical transformation initiatives. A key requirement to ongoing success is to understand the transformational efforts under way and how to position the team to continue to provide exemplary security reviews. 10 Years of Experience

Primary responsibilities also include:
• Strategic Leadership: Develop and implement cybersecurity strategies throughout the Software Development Life Cycle (SDLC).
• Risk Management: Identify and mitigate security risks associated with software development and deployment.
• Policy Development: Create and enforce security policies, standards, and guidelines related to SDLC processes.
• Teams Collaboration: Collaborate with development, QA, and operations teams to ensure security best practices are integrated at every stage of the SDLC.
• Training & Awareness: Lead training programs to enhance team awareness of secure coding practices and cybersecurity threats.
• Compliance Oversight: Ensure adherence to industry regulations and compliance standards (e.g., GDPR, HIPAA).
• Continuous Improvement: Monitor and assess the effectiveness of security measures, driving continuous improvement initiatives.
• Stakeholder Engagement: Communicate security risks and strategies to senior management and other stakeholders.

Required Skills:
• Minimum 5-10 years leading large scale cyber defense organizations
• Experience leading teams of geographically distributed staff
• Ability to bring multiple stakeholders together, including senior business leaders, operations, risk, finance, regulatory, and cut to the heart of issues to reach consensus
• Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input, and when to act independently
• Ability to skillfully lead and guide others to prioritize work and meet deadlines
• Bias for action and a commitment to build partnerships in a dynamic risk & threat driven environment
• Possesses a solid understanding of the technologies underlying our platforms and the confidence to engage in technical discussions across the organization
• Technical Expertise: Significant knowledge of cybersecurity threats, controls and technologies, with a deep understanding/experience with software developer experiences to bridge the gap between the theoretical and practical application.

Desired Qualifications
• Ability to interface effectively with executive leadership and senior bank regulators
• Strong cyber thought leader and strategist who can influence at very senior levels of the organization
• Inspires teams across GIS, GT, and control partners to deliver together
• Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties
• Exhibits executive leaderships behaviors when addressing organizational conflict and removing roadblocks to effective delivery
• Strong relationship management skills to navigate the complexities of gaining buy-in and building consensus
• Excellent communication, influencing and facilitation skills with ability to explain rationale and importance of SbD requirements
• Demonstrate neutral objectivity and seek the best outcome for the business. Enterprise mindset; considers E2E process impact when evaluating opportunities/challenges
• Maximizes organizational capability with a demonstrated commitment to valuing diversity

Job Description:

The purpose of this position is to perform the role of a Policy Lead who coordinates and leads development of information security policies for publication to the enterprise. The role may also lead policy-related projects, such as those related to operational excellence initiatives, process improvements or remediation of audit or regulatory issues.

Coordinate and lead development of enterprise information security policies, working with subject matter experts and support partners, including Global Information Security, Global Technology teams and Global Compliance & Operational Risk.
Required Qualifications. Generally requires 5 years of experience.

Additional expectations of role:
• Part of a team within Global Information Security that manages the process to maintain the Information Security - Enterprise Policy, ten supporting Standards and a portfolio of product/platform specific security policies.
• Lead working sessions with SMEs to document information security policy requirements that are applicable to the enterprise and across various platforms, products and technologies. Lead impact assessment and socialization with stakeholders. Prepare governance materials.
• Engage with GIS and Technology partners to ensure alignment of policies to laws, rules, regulations, industry frameworks, processes/controls and emerging threats.
• Lead various projects such as those related to policy process improvements, operational excellence initiatives, resolution of audit/regulatory issues, etc.

Required Skills:
• Previous experience in Information Technology and/or Information Security. Prior Governance, Compliance, and/or Audit experience a plus.
• Highly effective written and verbal communication skills.
• Ability to facilitate conversations which involve technical and sometimes complex information security topics and drive SMEs to a consensus.
• Microsoft Office proficient (Word, Excel, Outlook, PowerPoint) – Advanced Word skills preferred
• Strong critical thinking/analytical skills/problem solving/conceptual thinking
• Strong analysis and fact-based decision-making
• Strong organization skills with the ability to prioritize requests and workload accordingly (fast paced work environment with multiple deliverables with short term due dates)
• Ability to work independently on initiatives with little oversight and to work with associates at all levels of the organization
• Quick learner, self-starter who is motivated to learn