What are the responsibilities and job description for the Third Party Info Security Consultant position at Bank of America?
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!
This job is responsible for performing information security reviews of third parties, such as pre-assessment, assessment, and remediation activities that provide services to the bank. Key responsibilities include validating assessment scope, partnering with vendor managers and third parties to prepare them for the assessment, collecting and reviewing documentation during the assessment, determining if appropriate information security controls are in place, and completing an assessments of workpapers.
Bank of America maintains operational affiliations with various third-party entities, some with limited and others with substantial access to confidential data. The Third-Party Cyber Assurance team evaluates these entities to ensure they implement appropriate measures to safeguard customer and bank data. Additionally, regular assessments are conducted to review security risks and conducts due diligence against emerging threats in the third-party program. This includes assessing the suitability and risk profile of third parties before onboarding them.
We are seeking an Analyst to join our Pre-assessment Team, responsible for conducting proactive engagements with third parties to facilitate their assessment before the next assessment date. In this role, you will play a crucial part in boosting assessor capacity by centralizing due diligence activities and adapting to the changing threat landscape through dynamic evaluation of vendor risk.
Key Responsibilities:
Conduct proactive engagements with third parties to facilitate assessment processes before the next assessment date.
Centralize due diligence activities to boost assessor capacity and adapt to the changing threat landscape.
Validate entries in the Vendor Level Risk Assessment (VLRA) and Assessment Selection Criteria (ASC) calculation to ensure accurate risk assessment.
Provide direct support to the overall TPCA strategic objective of ensuring appropriate risk management of the bank third parties.
The successful candidate for the Pre-assessment Analyst role will possess a combination of skills vital for effective coordination, analysis, and decision-making. Strong communication and analytical abilities are fundamental for engaging with third parties, assessing risks, and ensuring accurate information dissemination. Attention to detail and organizational skills are crucial for meeting deadlines and prioritizing tasks effectively. We value individuals who possess a natural curiosity and a desire to continuously learn and grow. The ability to remain composed under pressure is essential, as this role often involves juggling multiple tasks and navigating challenging situations with ease. Furthermore, attention to detail is paramount in this role.
Required Qualifications:
Background in information security or risk management
Outstanding verbal and written communication skills
Ambitious, disciplined, hardworking, resilient, and willing to learn.
Risk management focused with a passion for excellence and positive team attitude.
Ability to think logically.
Highly organized and project management skills
Strong time management skills
Desired Qualifications:
Bachelor's degree in Information Technology, information security or related field
Strong analytical skills/problem solving/conceptual thinking.
Ability to work with technical and non-technical business owners.
This job will be open and accepting applications for a minimum of seven days from the date it was posted.
Shift:
1st shift (United States of America)Hours Per Week:
40
