Expoint - all jobs in one place

המקום בו המומחים והחברות הטובות ביותר נפגשים

Limitless High-tech career opportunities - Expoint

Bank Of America Senior Information Security Officer 
United States, Colorado, Denver 
712631975

02.07.2024

Job Description

The Senior Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies and controls.

Scale/Scope

  • Possess strong / experienced application development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step.

  • Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for the line of business (LOB)

  • Provides guidance and advocacy regarding the prioritization of LOB investments that impact information security

  • Advises LOB management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs

  • Monitors information security trends internal and external to the bank and keeps LOB leadership informed about information security-related issues

  • Partners with security, business and technology teams to triage and resolve critical security issues and/or vulnerabilities in a rapid response and cyber command center setting

  • Engages senior and technical third party security experts to evaluate and implement compliant and comprehensive security solutions to meet industry and Bank of America requirements

  • Manages quality control and reporting

  • Ensures compliance with policies and laws

Risk Management

  • Drives GIS/LOB risk deliverables

  • Collaborates with risk partners on info security critical priorities

  • Participates in senior LOB specific Risk Management & Business Continuity Routines

  • Identifies and measures global information security (GIS) controls on most critical business processes or channels

  • Partners to develop risk management solutions and/or remediation plans to address process or technical security defects

Leadership/Strategy

  • Has a deep understanding of security for computing platforms (PaaS)

  • Has a solid grasp of security in big data and other instructed large data structures

  • Ability to build strong Partner relationships with peer technology groups and supported LOB

  • Supports the triage process with the client and helps them understand the GIS support structure

  • Drives required risk culture and partnership with peer technology teams and supported LOB

  • Participates in key CIO operating routines to drive information security risk strategy

  • Ability to influence senior leadership, strategy and third party remediation to meet security requirements

  • Supports contract negotiations and escalations to facilitate third party onboarding and management

Required Skills

  • Information Security & Technology professional with 10+ years’ experience

  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations

  • 3+ years of security integration, governance or architecture or engineering on Amazon Web Services

  • Must have experience with requirements and certification for HIPAA, PCI, SOC 2, GLBA, Compliance

  • Expertise in Cryptography and key management across high volume transaction platforms

  • Security architecture of core payment systems (i.e. ACH, P2P, B2B)

  • AAA with modern authentication methods for consumer banking systems

  • Application development or systems engineer

  • Multi-cloud security management

  • Prior card network experience preferred

  • Network Security Controls

  • DLP & Vulnerability Management

  • Familiar with Container security concepts

  • Subject matter expertise in application security, vulnerability testing and development of risk appetite

  • Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)

  • Experience with information security for No SQL, Big Data , and unstructured data stores (Cassandra, Hadoop, and /or Teradata)

  • Knowledge in Windows, Midrange and Mainframe Platforms with emphasis on security and access controls.

  • Exceptional executive presentation and communication skills

  • Excellent influencing and problem resolution skills

  • Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding

  • Strong leadership skills and qualities which enable you to work with peers and various levels of management

Desired Skills:

  • Bachelors and/or Master’s degree in Computer Science, Information Technology or related field

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)