hero






Sr Information Security Officer (Sr. Central Intake Lead)

Bank of America

Bank of America

IT
Denver, CO, USA · Chicago, IL, USA · United States · Remote
Posted on Jul 10, 2024

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Security and Solutions Design Program Governance team is seeking an innovative leader to serve as a Senior Central Intake Lead executing on the Business Information Security Office Central Intake Framework within the Secure by Design Evaluation (SBDE) program. This important role stands at the front door of requests for approval from Global Information Security (GIS), and functions as a hub gathering information from enterprise tollgate requests to GIS, enterprise technology data sources, Central Threat Defense Framework routines, and governance evaluations required by GIS Senior Leadership Team. This key team member’s work will require subject matter expertise in the scope of bank enterprise tollgates, understanding of potential information security impact of technical changes (including interpretation of conceptual technology design diagrams), and comfort with communicating concisely with the intent to discover details and ensure that finalized requests provided to GIS contain accurate and consistent information from a variety of sources.

In this role, you’ll be accountable for managing a wide variety of activities day-to-day, including:

  • Review scope definition and criteria of SBDE program processes as bank policies, security threat landscape, and GIS review triggers change to propose continuous improvement of execution and evolution of SBDE

  • Executive presence and relationship management to resolve escalation from concerned stakeholders

  • Raise concerns, with analysis of examples, and recommendations of solution options to SSD Senior Leadership via process change management routines, or ad-hoc in the event of a critical concern

  • Use application development / security background - solid knowledge of SDLC from sourcing/design, to testing, through deployment and the different risk elements associated with each step

  • Apply continuous learning from security issues, industry best practices, and technological design patterns to evolve and enhance the Central Intake Framework

  • Support documentation of requests from GCOR, Audit, et al regarding Central Intake activities and observations

  • Participate in SSD tool UAT (Jira Service Manager) monthly, and update/maintain Central Intake procedures, templates, and other job/training aids

  • Determine impact of SBDE program changes to Central Intake procedures (and vice versa); discuss concerns in a productive manner, seeking to reach agreement across SSD execution team leadership

  • Use SSD tools to design appropriate tracking, prioritization, and reporting for use by the Central Intake team to bring senior leadership operational insight

  • Onboard and train Central Intake team members with emphasis on prioritized execution of a complex, high-volume process

  • Interpret conceptual diagrams for technology changes with a focus on information security details: methods, protocols, controls, etc.

  • Review status of ongoing SBDE cases, understanding the purpose of each test, interpreting acceptable test results, and the working with SSD Architects, Case Managers, and Quality Assurance teams to ensure a good experience for our CIO customers

Primary Skill

GIS Security

Secondary Skill

Tertiary Skill

Required Skills

You will be successful in this role with these attributes:

  • 10+ years as an Information Security / Technology professional within a highly-regulated industry

  • 5+ years of risk identification experience

  • Strong sense of ownership and accountability for the success of SSD programs

  • Executive presence and experience discussing complex issues with technical and non-technical leaders

  • Strategic thinking – high-potential ideation beyond what has succeeded in the past

  • Leverages established laws, rules, regulations, and policy to rationalize decisions – comfortable providing feedback to internal policy owners when asked

  • Proficiency with Jira Service Manager, Application HQ, enterprise tollgate tools (ex. CECE, GCGF Intake, PTS/R), and various GIS reporting tools (ex. Tableau, Continuous Monitoring, RSAM, Trident)

  • Influencer – energized by sharing fresh methodology, and leading others to adoption of improvements

  • Critical thinking – one of the first who: grasps new concepts, understands the connections between SSD work and that of other teams, and sees potential pit-falls

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

1st shift (United States of America)

Hours Per Week:

40