Senior Third Party Information Security Officer

Senior Third Party Information Security Officer

Washington, District of Columbia;Chicago, Illinois; Denver, Colorado

Job Description :

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description :

The Senior Third Party Information Security Officer will be a member of the Third Party Cyber Assurance organization and will work closely with the most critical Third Parties supporting Front Line Units (FLU), Technology and Operations (Ops) executives. In this role, you will be executing against a newly developed assurance program. You will dive deep into the information security controls of the Third Party to gain a better understanding of the control environment that support the services being provided to the business. You’ll develop relationships with the Third Parties to understand their control environment, share best practices and consult on emerging cyber risks. You will drive expected improvements in the Third Parties’ control environment by being a trusted partner that can be sought out to provide advice and recommendations.

Responsibilities :

Develop deep relationships with the most critical Third Parties, including the Front Line Unit / Third Party Executives, and the Enterprise Vendor Managers to become a key partner understanding the services and the technology being provided.

Aligning to emerging risks, perform deep dive reviews of the Third Parties’ control environment to identify potential gaps and / or best practices

Assesses risks and effectiveness of Third Party processes and controls based on the “Enhanced Third Party Cyber Assurance” program to ensure information security risk is within Bank tolerated limits.

Identifies and escalates problems or issues that arise while driving actions to address the root causes leading to remediation of the concern.

Review Third Party Technical workflows, SBOMs, applications, Cloud Security (SaaS), Data Security, Encryption, Hardware Security Modules, Multi Factor Authentication, Endpoint Detection and Response tools, etc. that support Bank processes to deliver an opinion on the efficacy of the intended results supporting information security risk.

Contribute to the ongoing development of the Enhanced Third Party Cyber Assurance program by identifying continuous process improvements based on feedback provided.

Advises management on risks and issues related to Third Party information security while recommending actions in support of the bank's wider risk management expectations.

Monitors and analyzes information security / cybersecurity threats and trends, both internal and external to the Bank to drive improvements to the Enhanced program while keeping leadership informed.

Work across the assessment verticals to ensure the Enhanced Assurance process is aligned to meet Third Party Cyber Assurance (TPCA) strategy and goals.

Assist with resource planning to ensure the Enhanced program has the necessary resources to effectively execute the assessments.

Required Skills

Information Security & Technology professional with 10 years of experience.

5 – 10 years of risk management experience with proven ability to effectively apply risk principles in challenging situations

Experience evaluating cyber security controls and providing guidance for enhancements

Proven track record of developing and implementing security strategies in complex environments.

Previous information technology / security, audit / assessment experience preferred.

Directly or via a team, documents, analyzes, reports and escalates as needed risk issues (e.g., control weaknesses, violations, metric breaches); synthesizes the data for emerging trends or systemic issues

Ability to develop relationships and leverage to gain insights.

Strong attention to detail, analytical skills, ability to multi-task, and ability to work both independently as well as part of the Enhanced Third Party Cyber Assurance team is also required.

Must be able to plan, execute and document assessment activities within an ambiguous environment using documented analysis and professional judgement.

Exceptional executive presentation and communication skills, influencing and problem resolution skills

Comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding

Strong leadership skills and qualities which enable you to work with peers and various levels of management

Relevant certifications such as CISSP, CCSP, CISA, CISM, or CRISC are highly desirable.

Technical Skills

Expertise in network security principles and technologies

Deep understanding of transmission protocols and secure communication channels.

Knowledge of secure by design principles.

Expertise in Cloud Security Principles

Knowledge of Software Development and in-depth understanding of API’s.

Proficiency in conducting technology reviews to assess security controls

Solid grasp of security architecture principles and best practices.

Other Skills : Advisory

Relationship building

Monitoring, Surveillance, and Testing

Regulatory Compliance

Reporting

Risk Management

Critical Thinking

Influence

Interpret Relevant Laws, Rules, and Regulations

Issue Management

Policies, Procedures, and Guidelines Management

Business Process Analysis

Decision Making

Negotiation

Process Management

Written Communications

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift :

1st shift (United States of America)

Hours Per Week :

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE () .

To view the "EEO is the Law" Supplement, CLICK HERE () .

View the LA County Fair Chance Ordinance () .

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America’s Drug-free Workplace and Alcohol Policy, CLICK HERE .

This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.