דרושים Vulnerability Identification Quality Control Analyst ב-Bank Of America ב-United States, Denver

Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Typically has 3-5+ years of relevant experience and will act as an individual contributor.

This position will be a member of the GIS Vulnerability Identification Assurance (VIA) Vulnerability Identification QC (Quality Control) team. In this role, you will help implement, manage, and monitor the effectiveness of infrastructure vulnerability identification efforts to protect the confidentiality, integrity, and availability of the line of businesses’ (LOB) information assets, primarily developing and implementing enhanced QC routines for remediation validation.

This role is responsible for establishing processes and controls to monitor CVE based vulnerabilities and associated risk on technology where we do not have GIS tools for automated scanning. They will work with stakeholders, Product Owners and Software Engineers to aid in the implementation of data requirements, analyze QC performance, conduct QC related research and troubleshoot any issues.

• Analyze findings from vulnerability reporting workstreams, to perform targeted QC on the vulnerabilities being reported and QC around scope of inventory being assessed.

• Review current existing vulnerability detection processes for ways to streamline and make them more efficient.

• Respond to relevant requests received from stakeholders, or representatives of stakeholders, for investigation of potential technology-based identification reporting issues.

• Performs other related duties incidental to the work described herein and all special assignments as needed or assigned.

• Lead effective and sustainable activities associated with required VAI QC’s technology-based identification P2 closures evaluations.

• Scope: where scanning signatures do not exist or findings are derived from vendor appliances where authenticated scanning cannot occur.

• Support the expansion of a technology-based identification activity for GIS

• Support the expansion of QC to cover workstation and ATM vulnerabilities, which are fed from non-GIS teams today.

• Experience with CVE vulnerability analytics as a focus area within Information Security

• Strong experience with CVE based vulnerability identification and risk analysis

• Experience explaining analytics in plain English and ability with communicating associated risk

• Ability to see the larger picture across the teams in the organization to build consensus and drive results

• Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals

• Identify and develop proposals for program improvement

• Independent and able to work in an ever changing, fast paced environment

Required Skills:

• 3-5+ years of experience in information security and/or data management roles

• 3-5+ years of experience with vulnerability management and/or assessment

• Ability to creatively approach difficult problems to provide a viable solution for risk visibility and risk reduction in the enterprise

• 3-5+ years of experience with vulnerability management and/or assessment

• Good communication skills, and the ability to understand and translate cyber security threats from a technical perspective to business-line understanding and execution; ability to communicate risks and propose counter measures to senior technology executives

• Ability to review and analyze QC data to determine overall risk

• Ability to work independently on initiatives with little oversight; Motivated and willing to learn

• Broad technical background utilizing security technologies, such as Server and Workstation Operating Systems, Network Security, Vulnerability Scanning Engines, and Compliance Management solutions

• Strong PC skills including Microsoft Office applications.

Desired Qualifications:

Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

Role Description/what you can expect in Identity & Access Management:

In today’s highly connected world, managing and securing human and machine identities is essential to the safety and success of our workforce. The Identity & Access Management (IAM) team works within Global Information Services (GIS) and in close participation with all other Line of Business teams as well as second and third line of defense partners. Identity and Access Management is the centralized governance function for the enterprise, driving consistency through end-to-end horizontal risk oversight as well as vertical, functional capabilities that provide comprehensive subject matter expertise on all IAM systems and services. This role is highly visible and requires frequent interaction with senior management and key stakeholders. In this role, the IAM Governance Analyst will be responsible for identifying IAM policy requirements, monitoring adherence, escalating compliance risks, driving remediation strategies and plans, as well as leading coordination for regulatory activities, e.g. audits, compliance self-testing activities, and regulatory exams.

Responsibilities:

• Support the planning, development and delivery to improve IAM compliance through governance activities

• Work with the Line of Business (LOB) Partners to manage identity lifecycle and access governance activities including developing, maintaining, and facilitating the socialization of IAM policy standards, processes, and procedures.

• Provide extensive Active Directory security best practices and consultation to the cross functional teams, ensuring compliance with IAM standards, and better protect high value assets against cyberattacks.

• Drive the implementation of Microsoft Privileged Access Enterprise Access and Tiered Administration models.

• Ensure the Privileged Access Enterprise Access model delivers resiliency mitigating attack paths and provide efficient security controls for protecting high value assets.

• Provide informative documentation and oversee governance and security of on-premises and cloud identities in hybrid environment.

• Collaborate with stakeholders to develop cutting-edge IAM policies and standards that iteratively support IAM enhancements across process, data, and technology.

• Engage and consult with all IAM capabilities to identify gaps and establish solutions to close gaps.

• Maintain end-to-end governance processes across the IAM space with aligned controls and metrics to evaluate control effectiveness.

• Participate in multiple forums with high level executives to communicate compliance expectations, provide strategic direction and oversight, and provide a mechanism for reviewing decisions with downstream impacts.

• Drive partnership with Operational Risk partners on IAM related Compliance Monitoring and Testing activities.

• Apply industry best practices, templates, and documentation while also proposing improvements.

• Clearly articulate the reasons and methods behind proposed changes through informative materials for educating others.

• Provide education to team members regarding the proposed changes.

Required Qualifications:

• Ability to manage data and conduct data analytics, reviewing responses prior to delivery of regulatory, audit, and process responses.

• Recommended 3-5 years’ experience implementing IAM solutions, controls, and capabilities.

• Proficient in implementing and governing Risk and Role based access security controls in Active Directory.

• Extensive experience in managing Active Directory to enforce privileged access controls.

• Ability to influence cloud technology owners to build more secure processes.

• Strong understanding and risk management mindset, proactively mitigating PAM related risks.

• Familiarity with NIST 800-53, COBIT, COSO, and/or ISO, and attack frameworks such as MITRE , as well as IAM-specific laws, rules, and regulations within the financial services sector.

• Experience planning, researching and developing security strategies, standards, and procedures.

• Strong technical background and ability to learn new technologies quickly.

• Ability to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization.

• Ability to work independently on initiatives with little oversight. Motivated and willing to learn.

• Strong analytical skills / problem solving / conceptual thinking.

• Ability to be comfortable delivering messages across a wide spectrum of audiences with varying degrees of technical understanding.

• Strong leadership skills and qualities which enable you to work with peers and various levels of management.

• Excellent interpersonal and communication skills

• Ability to question processes for the purpose of improving them.

Responsibilities:

• Subject Matter Expert for the products, solutions and capabilities that comprise our capability model

• Provide technical guidance on solution delivery as well as assist other on-going engagements for resolving critical issues

• Lead design and implementation of complex enhancements or On-board / integrate new applications effort

• Work with technology vendors as appropriate to resolve product issues, technology evaluations, and design reviews

• Capture and translate new requirements into operational and engineering deliverables and outcomes.

• Participate in continuous improvement initiatives, identify ways to improve delivery to increase efficiencies

• Meet demands of managing multiple work streams, communicating effectively with senior technology and business leadership, and demonstrate experience leading large and complex projects and global programs.

• Assess and advise project management implications throughout projects' timelines, including development of strategies, readiness assessment, development of training and communications.

• Articulate technical and business issues and solutions effectively to business or technical staff across organizational layers

Required Qualifications:

• 5+ years’ experience driving complex IAM projects and programs .

• 3+ years’ experience implementing IAM Identity Cloud solutions, controls, and capabilities.

• Strong communications, interpersonal and influencing skills

• Excellent organizational skills, able to manage multiple work streams simultaneously and respond to rapidly changing demands

• Experience working with frequently-utilized IAM vendor solutions such as SailPoint, ForgeRock, Ping, CyberArk, EntraID, Hashicorp, etc. in large enterprises

• Knowledge of cloud platforms (AWS, Azure, GCP etc.) experience in deploying and managing identity solutions on cloud platforms.