The Information Protection Data in Motion (DIM) Team is responsible for initial monitoring, analysis and escalation of security events detected and prevented within our email data protection controls within a 24 X 7 X 365 "follow the sun" model. The successful candidate will gain experience of operating in a technically complex, fast changing and dynamic environment. They will be exposed to various forms of threat including security breaches, intellectual property theft, insider trading, fraud and avoidance of security controls. Opportunity to work for truly Global Information Security team with leading edge tools and processes and subject matter expertise. Bank of America GIS encourages career mobility and this role provides the opportunity to be part of a team where development and advancement is actively supported.
• Responsible for carrying out analysis of Information Protection (IP) high risk controls.
• Taking ownership to identify and assess the appropriate outcome for the violation and manage through.
• Working in tandem with the Cyber Security teams to support their initiatives and achieve Global Information Security (GIS) goals.
• To identify, escalate and debate all risks in line with the bank’s framework.
• By analyzing events/metrics and escalation data, identify patterns and trends on high risk controls and proactively suggest, develop and implement enhancements to reduce risk.
As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard setting groups. State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
• 2-5 years of related work experience
• Experience identifying threats, vulnerabilities, exploitations and applying security controls, tools and techniques to detect or gather information on domains or subjects
• Familiarity with and basic understanding of networking systems, security vulnerabilities, exploits, and attacks•
• Data Loss Prevention and SIEM tool event processing (such as Symantec DLP or ArcSight
• Good understanding of how TCP/IP networks function
• Demonstrates a commitment to learning and adjusts to changing demands and requirements
• Influence decisions and outcomes through effective communications (both in writing and when speaking) using clean, concise and simple language
• Able to adapt communication style to the audience
• Demonstrates the capability of working in a team environment and collaborating with oversea partners
• Strong PC skills including Microsoft Office applications
• Information security analysis, traffic/log analysis or related experience
• Penetration Testing or related experience
• Certifications – CEH, CISSP, A+, CCNA, CCNP, Security+, SQL
• Proficiency in additional European or other languages