Bank Of America Senior Third Party Information Security Officer 

United States, District of Columbia, Washington 

154497212

Job Description:

Job Description:

The Senior Third Party Information Security Officer will be a member of the Third Party Cyber Assurance organization and will work closely with the most critical Third Parties supporting Front Line Units (FLU), Technology and Operations (Ops) executives. In this role, you will be executing against a newly developed assurance program. You will dive deep into the information security controls of the Third Party to gain a better understanding of the control environment that support the services being provided to the business. You’ll develop relationships with the Third Parties to understand their control environment, share best practices and consult on emerging cyber risks. You will drive expected improvements in the Third Parties’ control environment by being a trusted partner that can be sought out to provide advice and recommendations.

Responsibilities:

• Develop deep relationships with the most critical Third Parties, including the Front Line Unit / Third Party Executives, and the Enterprise Vendor Managers to become a key partner understanding the services and the technology being provided.
• Aligning to emerging risks, perform deep dive reviews of the Third Parties’ control environment to identify potential gaps and/or best practices
• Assesses risks and effectiveness of Third Party processes and controls based on the “Enhanced Third Party Cyber Assurance” program to ensure information security risk is within Bank tolerated limits.
• Identifies and escalates problems or issues that arise while driving actions to address the root causes leading to remediation of the concern.
• Review Third Party Technical workflows, SBOMs, applications, Cloud Security (SaaS), Data Security, Encryption, Hardware Security Modules, Multi Factor Authentication, Endpoint Detection and Response tools, etc. that support Bank processes to deliver an opinion on the efficacy of the intended results supporting information security risk.
• Contribute to the ongoing development of the Enhanced Third Party Cyber Assurance program by identifying continuous process improvements based on feedback provided.
• Advises management on risks and issues related to Third Party information security while recommending actions in support of the bank's wider risk management expectations.
• Monitors and analyzes information security / cybersecurity threats and trends, both internal and external to the Bank to drive improvements to the Enhanced program while keeping leadership informed.
• Work across the assessment verticals to ensure the Enhanced Assurance process is aligned to meet Third Party Cyber Assurance (TPCA) strategy and goals.
• Assist with resource planning to ensure the Enhanced program has the necessary resources to effectively execute the assessments.

Required Skills

• Information Security & Technology professional with 10+ years of experience.
• 5 – 10 years of risk management experience with proven ability to effectively apply risk principles in challenging situations
• Experience evaluating cyber security controls and providing guidance for enhancements
• Proven track record of developing and implementing security strategies in complex environments.
• Previous information technology/security, audit/assessment experience preferred.
• Directly or via a team, documents, analyzes, reports and escalates as needed risk issues (e.g., control weaknesses, violations, metric breaches); synthesizes the data for emerging trends or systemic issues
• Ability to develop relationships and leverage to gain insights.
• Strong attention to detail, analytical skills, ability to multi-task, and ability to work both independently as well as part of the Enhanced Third Party Cyber Assurance team is also required.
• Must be able to plan, execute and document assessment activities within an ambiguous environment using documented analysis and professional judgement.
• Exceptional executive presentation and communication skills, influencing and problem resolution skills
• Comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
• Strong leadership skills and qualities which enable you to work with peers and various levels of management
• Relevant certifications such as CISSP, CCSP, CISA, CISM, or CRISC are highly desirable.

Technical Skills

• Expertise in network security principles and technologies
• Deep understanding of transmission protocols and secure communication channels.
• Knowledge of secure by design principles.
• Expertise in Cloud Security Principles
• Knowledge of Software Development and in-depth understanding of API’s.
• Proficiency in conducting technology reviews to assess security controls
• Solid grasp of security architecture principles and best practices.

Other Skills:

• Advisory
• Relationship building
• Monitoring, Surveillance, and Testing
• Regulatory Compliance
• Reporting
• Risk Management
• Critical Thinking
• Influence
• Interpret Relevant Laws, Rules, and Regulations
• Issue Management
• Policies, Procedures, and Guidelines Management
• Business Process Analysis
• Decision Making
• Negotiation
• Process Management
• Written Communications

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)