Bank Of America Sr Business Information Security Officer BISO - Core Technologies 

United States, Colorado, Denver 

274396348

Job Description:

The Senior Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, you will be supporting the Global Information Security (GIS) Team, developing a deep understanding of this enterprise control function to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies, and controls. Additionally, this role will support GIS strategy and a highly visible Cyber Security Technology initiative portfolio.

Scale/Scope
• Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for GIS
• Provides guidance and advocacy regarding the prioritization of investments that impact information security
• Engage with GIS SLT leaders and their teams to raise awareness of policies, standards and process changes that can impact their initiative portfolio
• Gain a strong understanding of GIS initiatives in order to share with the BISO SLT and their teams
• Monitors information security trends internal and external to the bank and keeps leadership informed
• Review platform architecture & data flow diagrams to identify security gaps
• Consults on GIS strategy, design, implementation and migration for technology initiatives
• Assess security opportunities and challenges and partner to determine best future state
• Influence and drive collaboration across teams for key initiatives, bringing in key stakeholders
• Serve as subject matter expert in BISO processes and participate in training and mentoring of new employees
• Monitors information security trends (internal and external to the bank) and keeps GIS leadership and their teams informed about information security-related issues
• Manages quality control and reporting
• Ensures compliance with policies and laws

Required Skills
• Information Security & Technology professional with 10+ years of experience in application development and/or Information Security
• 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations
• Subject matter expertise in application security, cloud security, DevSecOps, application architecture, design patterns, vulnerability testing and development of risk appetite
• Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms, including (Cloud/SaaS/IaaS/PaaS)
• Knowledge in Windows, Midrange and Mainframe Platforms with emphasis on security and access controls.
• Exceptional executive presentation and communication skills
• Excellent influencing and problem resolution skills
• Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
• Possess strong / experienced cybersecurity engineering and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step.
• Strong leadership skills and qualities which enable you to work with peers and various levels of management

Desired Skills:
• Experience working on cloud implementations in Microsoft Azure, Amazon Web Services and Google Cloud Platform environments
• Bachelors and/or Master’s degree in Computer Science, Information Technology or related field

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)