Senior Third Party Information Security Officer
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!
Job Description:
The Senior Third Party Information Security Officer will be a member of the Third Party Cyber Assurance organization and will work closely with the most critical Third Parties supporting Front Line Units (FLU), Technology and Operations (Ops) executives. In this role, you will be executing against a newly developed assurance program. You will dive deep into the information security controls of the Third Party to gain a better understanding of the control environment that supports the services being provided to the business. You’ll develop relationships with the Third Parties to understand their control environment, share best practices and consult on emerging cyber risks. You will drive expected improvements in the Third Parties’ control environment by being a trusted partner that can be sought out to provide advice and recommendations.
Responsibilities:
- Develop deep relationships with the most critical Third Parties, including the Front Line Unit / Third Party Executives, and the Enterprise Vendor Managers to become a key partner understanding the services and the technology being provided.
- Aligning to emerging risks, perform deep dive reviews of the Third Parties’ control environment to identify potential gaps and/or best practices.
- Assesses risks and effectiveness of Third Party processes and controls based on the “Enhanced Third Party Cyber Assurance” program to ensure information security risk is within Bank tolerated limits.
- Identifies and escalates problems or issues that arise while driving actions to address the root causes leading to remediation of the concern.
- Review Third Party Technical workflows, SBOMs, applications, Cloud Security (SaaS), Data Security, Encryption, Hardware Security Modules, Multi Factor Authentication, Endpoint Detection and Response tools, etc. that support Bank processes to deliver an opinion on the efficacy of the intended results supporting information security risk.
- Contribute to the ongoing development of the Enhanced Third Party Cyber Assurance program by identifying continuous process improvements based on feedback provided.
- Advises management on risks and issues related to Third Party information security while recommending actions in support of the bank's wider risk management expectations.
- Monitors and analyzes information security/cybersecurity threats and trends, both internal and external to the Bank to drive improvements to the Enhanced program while keeping leadership informed.
- Work across the assessment verticals to ensure the Enhanced Assurance process is aligned to meet Third Party Cyber Assurance (TPCA) strategy and goals.
- Assist with resource planning to ensure the Enhanced program has the necessary resources to effectively execute the assessments.
Required Skills:
- Information Security & Technology professional with 10+ years of experience.
- 5 – 10 years of risk management experience with proven ability to effectively apply risk principles in challenging situations.
- Experience evaluating cybersecurity controls and providing guidance for enhancements.
- Proven track record of developing and implementing security strategies in complex environments.
- Previous information technology/security, audit/assessment experience preferred.
- Directly or via a team, documents, analyzes, reports and escalates as needed risk issues (e.g., control weaknesses, violations, metric breaches); synthesizes the data for emerging trends or systemic issues.
- Ability to develop relationships and leverage to gain insights.
- Strong attention to detail, analytical skills, ability to multi-task, and ability to work both independently as well as part of the Enhanced Third Party Cyber Assurance team is also required.
- Must be able to plan, execute and document assessment activities within an ambiguous environment using documented analysis and professional judgement.
- Exceptional executive presentation and communication skills, influencing and problem resolution skills.
- Comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
- Strong leadership skills and qualities which enable you to work with peers and various levels of management.
- Relevant certifications such as CISSP, CCSP, CISA, CISM, or CRISC are highly desirable.
Technical Skills:
- Expertise in network security principles and technologies.
- Deep understanding of transmission protocols and secure communication channels.
- Knowledge of secure by design principles.
- Expertise in Cloud Security Principles.
- Knowledge of Software Development and in-depth understanding of APIs.
- Proficiency in conducting technology reviews to assess security controls.
- Solid grasp of security architecture principles and best practices.
Other Skills:
- Advisory
- Relationship building
- Monitoring, Surveillance, and Testing
- Regulatory Compliance
- Reporting
- Risk Management
- Critical Thinking
- Influence
- Interpret Relevant Laws, Rules, and Regulations
- Issue Management
- Policies, Procedures, and Guidelines Management
- Business Process Analysis
- Decision Making
- Negotiation
- Process Management
- Written Communications
#J-18808-Ljbffr