Business Information Security Officer, Global Information Security

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Your background

• 5+ years of information security risk management experience with proven ability to manage challenging business situations.
• Good working knowledge of governance, risk management and compliance routines and control processes.
• Familiar with information security frameworks, industry best practices, and their impact to the business.
• Experience evaluating cyber security controls and providing information security guidance for technical deployments and business processes.
• Excellent influencing and problem resolution skills.
• Strong communication skills and experience with managing stakeholders at different levels.
• Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
• Good understanding on Global Banking and Global Markets business and technology is an advantage.
• Holding internationally recognized professional certificates in information security or risk management is a plus.

What you can expect

The Business Information Security Officer will be a member of the APAC Business Information Security Officer's (BISO) organization and work closely with the regional lines of business or Chief Information Officers (CIOs) / Chief Technology Officers (CTOs) stakeholders. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies, and controls. The role reports directly to the APAC BISO Lead.

What you will do

• Serves as an Information Security subject matter expert and participates in the development, implementation, and maintenance of information security for the line of business (LOB).
• Provides guidance and advocacy regarding the prioritization of LOB investments that impact information security.
• Develops a solid understanding of security (from both technical and business process angles) to enable effective discussions of information security risk.
• Performs the Risk Review on high-risk GIS Policy Exception requests using a defined set of criteria and processes to collect different risk elements to be leveraged by the BISO Approvers responsible for approving or rejecting the requests based on the level of risk.
• Analyzes the various information security dashboard and metrics to ensure the right message is brought to LOB stakeholders to drive a cyber-aware culture.
• Advises LOB on risk issues related to information security and recommends actions in support of the Bank's wider risk management and compliance programs.
• Supports the Senior ISOs in key CIO operating routines to drive information security risk strategy.
• Contributes in further enhancing the team's processes.
• Manages quality control and reporting for the team's processes.
• Collaborates with risk partners on info security critical priorities.
• Familiarizes with and effectively drives for adherence to existing and proposed security policies, standards and baselines Identifies and escalates changes that will affect information security policy, standards, and baselines.
• Monitors information security trends internal and external to the bank and keeps LOB stakeholders informed about information security-related issues.
• Builds strong Partner relationships with peer technology groups and supported LOBs.
• Drives required risk culture and partnership with peer technology teams and supported LOBs.
• Supports the GIS COO partners in delivering information security awareness trainings to LOBs.