hero






Mainframe Information Security Engineer III

Bank of America

Bank of America

IT
Chicago, IL, USA · Denver, CO, USA · United States · Remote
Posted on Jul 19, 2024

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. The Mainframe Engineering Team defines, drives, and delivers major components of Bank of America’s security engineering strategy, addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements

Key Responsibilities in order of importance:

  • Serves as a subject matter expert for one or more engineering initiatives for the mainframe Security environment

  • Designs, develops, and implements systems to contribute to the protection of system boundaries, harden computer systems and network devices against attacks, and secure sensitive data

  • Drives complex technical information security projects to ensure on-time delivery and identifies and raises risks and potential vulnerabilities at all stages of the security engineering process

  • Leverages broad knowledge of information security technologies, techniques, and processes and prepares to grow knowledge within one or more security-engineering domains

  • Leads the identification, definition, and documentation of system security requirements

  • Leads work efforts with a diverse set of stakeholders with varying priorities to debate and negotiate paths forward

  • Drives the development and execution of test plans to produce quantitative results and thinks outside the box to develop and implement multiple solutions to complex problems

Required Qualifications:
  • 15+ years experience using and supporting RACF in a medium to large mainframe environment. The person hired for this position will be a deep knowledge SME for RACF and mainframe security.

  • 15+ years experience using and supporting a broad range of mainframe security tools to reduce mainframe security risk.

  • 5+ years experience using and supporting mainframe security tools including Vanguard RACF Administrator or competing product like zSecure.

  • Knowledge of mainframe architecture, subsystems, tools to be able to analyze how best to configure security. For example, CICS, DB2, IMS, USS.

  • Understand the overall mainframe security environment and be able to develop and present responses to inquiries by internal and external auditors, security professionals, and regulators.

  • Demonstrated security solutions development and deployment in a complex mainframe environment.

  • Ability to be on-call and work weekend when required by events (i.e. Disaster Recovery Tests, installation of new software version, critical incidents, etc.)

  • Must have in depth experience capturing requirements and documenting in visual formats, including flowcharts, process maps, flow diagrams, decision trees, mockups/wireframes, relationship diagrams, etc.

  • Must have experience with management, adherence to risk frameworks, policies, standards, and controls.

  • Must have excellent written/verbal communication skills and attention to detail.

  • Must have excellent organizational skills and able to effectively prioritize multiple tasks.

  • Must have experience participating in large or complex projects.

  • Must be pro-active and be able to drive direction of work that needs to be completed, ability to work independently on initiatives with little oversight.

  • Ability to coordinate and facilitate routines to support delivery (i.e., kick-offs, status reviews, stakeholder meetings, change controls, tollgates).

  • Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.

  • Ability to create management level reporting using aggregated data.

  • Experience working in Agile methodology and a deep understanding of all phases of the SDLC.

  • Strong analytical skills/problem solving/conceptual thinking.

  • Collaboration and ability to influence across peer groups and various levels of management.

Desired Qualifications:

  • 15+ years working in the financial industry

  • 10+ years working in a multi-Sysplex, multi-LPAR mainframe environment

  • 5+ years using and supporting a zVM security tool.

  • Knowledge of VSAM, REXX, Easytrieve, Generation Data sets

  • Experience consolidating diverse multi-company mainframe environments to a common practice, tools, support framework

  • This job will be open and accepting applications for a minimum of seven days from the date it was posted

Shift:

1st shift (United States of America)

Hours Per Week:

40