Business Information Security Officer (BISO) Engagement Senior Lead

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. Were devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

The BISO Engagement Senior Lead role supports a specific vertical Business Information Security Office and is responsible for the management and oversight for a variety of BISO-CIO governance activities. This role is responsible for partnering with the BISO Executive to balance the needs of the business while ensuring information security risk is appropriately identified and managed to mitigate risk to the organization and drive uncompromising cyber security protection.

Specifically, this role is to provide and implement horizontal consistency across a variety of BISO processes and activities. The role is to serve as main point of contact for each BISO vertical Executive, acting as an integrated business partner with cross-functional senior leaders to provide blended security and business expertise to ensure appropriate management of information security risks. This role will be responsible for overseeing and contributing to all BISO related materials that go to the Global Tech Risk Committee, CIO Key Risk Routines, and FLU Risk Committees. Additionally, this role will Identify and drive implementation of opportunities for efficiencies across BISO teams including developing best practices within the vertical BISO team across various processes and procedures, including, but not limited to, ERP Exceptions, Third Party Non-Adherence Oversight, Consequence Model, Operating procedures, Key Risk Routines, FLU Risk Committee, etc.

Required Skills
5+ years as an Information Security / Technology professional within a highly-regulated industry
5+ years of risk identification experience
Strong sense of ownership and accountability
Exceptional executive presence and experience discussing complex issues with technical and non-technical leaders
Exceptional Written Presentation Skills and experience
Ability to adjust and react with optimism and professionalism- solution oriented
Attention to detail
Able to work in a fast-paced, multi-priority environment
Strategic thinking high-potential ideation beyond what has succeeded in the past
Leverages established laws, rules, regulations, and policy to rationalize decisions comfortable providing feedback to internal policy owners when asked
Proficiency with Jira Service Manager, Application HQ, enterprise tollgate tools (ex. CECE, GCGF Intake, PTS/R), and various GIS reporting tools (ex. Tableau, Continuous Monitoring, RSAM, Trident)
Influencer energized by sharing fresh methodology, and leading others to adoption of improvements
Critical thinking one of the first who: grasps new concepts, understands the connections between BISO portfolio of work and that of other teams, and sees potential pit-falls

Desired Skills
Bachelors and/or Masters degree in Computer Science, Information Technology or related field
Third Party experience within a highly regulated industry
CISSP, CISM, or PCI Professional certifications

This job is responsible for partnering with leaders to balance the needs of the business while ensuring information security and organizational risks are appropriately identified and managed to drive uncompromising cyber security protection. Key responsibilities include leading in-depth information security risk-based discussions and acting as an integrated business partner with cross-functional leaders to provide blended security and business expertise to ensure appropriate management of information security risks.

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

Hours Per Week:

Pay Transparency details