Bank Of America Senior Information Security Officer 

United States, Colorado, Denver 

712631975

Job Description

The Senior Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies and controls.

Scale/Scope

• Possess strong / experienced application development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step.

• Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for the line of business (LOB)

• Provides guidance and advocacy regarding the prioritization of LOB investments that impact information security

• Advises LOB management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs

• Monitors information security trends internal and external to the bank and keeps LOB leadership informed about information security-related issues

• Partners with security, business and technology teams to triage and resolve critical security issues and/or vulnerabilities in a rapid response and cyber command center setting

• Engages senior and technical third party security experts to evaluate and implement compliant and comprehensive security solutions to meet industry and Bank of America requirements

• Manages quality control and reporting

• Ensures compliance with policies and laws

Risk Management

• Drives GIS/LOB risk deliverables

• Collaborates with risk partners on info security critical priorities

• Participates in senior LOB specific Risk Management & Business Continuity Routines

• Identifies and measures global information security (GIS) controls on most critical business processes or channels

• Partners to develop risk management solutions and/or remediation plans to address process or technical security defects

Leadership/Strategy

• Has a deep understanding of security for computing platforms (PaaS)

• Has a solid grasp of security in big data and other instructed large data structures

• Ability to build strong Partner relationships with peer technology groups and supported LOB

• Supports the triage process with the client and helps them understand the GIS support structure

• Drives required risk culture and partnership with peer technology teams and supported LOB

• Participates in key CIO operating routines to drive information security risk strategy

• Ability to influence senior leadership, strategy and third party remediation to meet security requirements

• Supports contract negotiations and escalations to facilitate third party onboarding and management

Required Skills

• Information Security & Technology professional with 10+ years’ experience

• 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations

• 3+ years of security integration, governance or architecture or engineering on Amazon Web Services

• Must have experience with requirements and certification for HIPAA, PCI, SOC 2, GLBA, Compliance

• Expertise in Cryptography and key management across high volume transaction platforms

• Security architecture of core payment systems (i.e. ACH, P2P, B2B)

• AAA with modern authentication methods for consumer banking systems

• Application development or systems engineer

• Multi-cloud security management

• Prior card network experience preferred

• Network Security Controls

• DLP & Vulnerability Management

• Familiar with Container security concepts

• Subject matter expertise in application security, vulnerability testing and development of risk appetite

• Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)

• Experience with information security for No SQL, Big Data , and unstructured data stores (Cassandra, Hadoop, and /or Teradata)

• Knowledge in Windows, Midrange and Mainframe Platforms with emphasis on security and access controls.

• Exceptional executive presentation and communication skills

• Excellent influencing and problem resolution skills

• Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding

• Strong leadership skills and qualities which enable you to work with peers and various levels of management

Desired Skills:

• Bachelors and/or Master’s degree in Computer Science, Information Technology or related field

​This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)