Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Job Description:
This job is responsible for assessing the bank's technologies, applications, and overall security controls to identify potential risks and vulnerabilities that may impact Bank of America's information security. Key responsibilities include understanding and complying of the Bank’s Global Information Security policy and relevant cyber security threats to complete security assessments. Job expectations include providing expert technical guidance to support partners and adapting testing methods to emerging cyber security regulations and evolving threats, while developing others on the team.
Core Job Responsibilities:
• Assesses systems controlling access to bank resources for compliance to security policies and controls by utilizing external threat frameworks, internal threat intelligence, and systems documentation.
• Leads the analysis, implementation, execution, and improvement of proactive security controls to prevent external threat actors from infiltrating company systems or information.
• Conducts research and provides leadership updates regarding advanced threats to compromise security controls and protocols.
• Leverages risk management practices, and internal escalation processes to document findings for remediation.
• Provides updates and recommendations to leadership regarding the status of system threat assessments including findings.
• Monitors new threats and complex attempts to compromise security controls while developing a deep expertise in the early lifecycle for security techniques to identify vulnerabilities before they present a risk to the bank.
• Develops strong partnerships by demonstrating operational expertise as a subject matter expert.
• Standup a vulnerability identification quality control framework for the Cloud environment; collaborating across Vulnerability Management to support end-to-end adoption.
• Collaborate to align strategy and roadmaps across Cloud Security, Cyber Security Operational Controls, Security Functions and Capabilities outlining goals/outcomes, milestones, and key initiatives to track progress and provide visibility into issues.
• Analyze current controls, identify Cloud opportunities, formulate recommendations, and develop action plans
• Provide consulting services as a cloud vulnerability identification subject matter expert.
• Quickly learn and evaluate new technologies for integration into cloud vulnerability management workstreams.
• Providing support for audit and regulatory related inquiries.
• Offer technical guidance to engineering staff to solve complex challenges.
Required Qualifications
• Strong knowledge of cloud platform (e.g., AWS, Azure, GCP) and cloud security best practices
• Demonstrate a deep working knowledge of cloud computing concepts, infrastructure architecture and security principles.
• Experience with implementing Continuous Threat & Exposure Management (CTEM) methodologies.
• Demonstrate a deep working knowledge of Vulnerability and Threat Exposure technologies.
• Ability to formulate SQL queries and perform data analysis.
• Ability to communicate complex concepts to all levels of understanding and technical ability.
Desired Qualifications
• CISSP and/or other security related certifications
This job will be open and accepting applications for a minimum of seven days from the date it was posted.
Shift:
1st shift (United States of America)
Hours Per Week:
40
