Bank Of America Vice President Cloud Information Security Exposure 

Australia, New South Wales, Sydney 

468658828

Key Responsibilities:

• Lead and oversee efforts to identify vulnerabilities and misconfigurations in Cloud platforms and workloads. Improve vulnerability identification quality control for the Cloud environment; collaborating across Vulnerability Management to support end-to-end adoption.
• Manage daily operations of Cloud security solutions such as Aqua, Wiz, Qualys, CrowdStrike
• Enhance vulnerability identification process for Hybrid Cloud platforms.
• Drive Cloud Security solutions in alignment with the Bank’s cloud strategy and in accordance with security best practices
• Leads the analysis, implementation, execution, and improvement of proactive security controls to prevent external threat actors from infiltrating company systems or information.
• Conducts research and provides leadership updates regarding advanced threats to compromise security controls and protocols.
• Monitors new threats and complex attempts to compromise security controls while developing a deep expertise in the early lifecycle for security techniques to identify vulnerabilities before they present a risk to the bank.
• Develops strong partnerships by demonstrating operational expertise as a subject matter expert.
• Collaborate to align strategy and roadmaps across Cloud Security, Cyber Security Operational Controls, Security Functions and Capabilities outlining goals/outcomes, milestones, and key initiatives to track progress and provide visibility into issues.
• Provide consulting services as a cloud vulnerability identification subject matter expert.
• Quickly learn and evaluate new technologies for integration into cloud vulnerability management workstreams.
• Providing support for audit and regulatory related inquiries.
• Offer technical guidance to engineering staff to solve complex challenges.

Skills and experience requirements:

• Deep understanding of Microsoft Azure and/or AWS native services, tools, and architecture.
• Deep understanding of cloud security
• Deep working knowledge of cloud threat landscape
• Deep technical experience in infrastructure and security functions
• Experience in DevSecOps and CI/CD pipeline integration through security engineering lifecycles.
• Experience writing requirements documentation.
• Understanding of Threat modeling and frameworks
• Understanding of vulnerability management and scanning tools
• Experience in project management
• Well-developed analytic, qualitative, and quantitative reasoning skills with a demonstrated creative problem-solving ability.
• Ability to work independently with little oversight on complex initiatives.
• Ability to communicate complex concepts to all levels of understanding and technical ability.

Desired Skills:

• CISSP/CCSP/CISM
• Cloud specific Security certifications such as SANS/GIAC
• Vendor specific and relevant certifications – AZ-500, SC-400, AWS Certified Security Specialty, CKA, CKS, RHCE, etc
• Bachelor’s and/or Masters degree in a technical field