About Bank of America:
Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.
Connecting Asia Pacific to the World
Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.
Background: The Global Information Security (GIS) Business Information Security Organization (BISO) is the interface between GIS in region and the rest of the Bank. The Information Security Consultant will be a member of the APAC GIS BISO Operations team, which is part of the GIS BISO function.
The consultant will work closely with other members of the team on incoming requests for Permits to Build, Operate and Send across all lines of business represented in region. In addition, the role involves documenting technology and/or processes, working with technology partners to ensure a consistent implementation of security controls across multiple teams, and providing guidance on information security topics, policies and controls.
The Information Security Consultant will drive a responsible risk-based approach to all project decisions.
- Provides guidance and advocacy regarding the definition and remediation of risk.
- Performs assessment and decision recommendations at a number of key points in the project lifecycle:
  - Initial Risk Analysis
  - Application Security Reviews
  - Infrastructure Security Reviews
  - Security Architecture
  - Secure Design Reviews
  - Control and Risk recommendations
- Understand and review key project artefacts in order to be able to provide advisory and oversight on information security elements of proposed designs and implementation
- Work in collaboration with the Line of Business (LOB) Risk leads and application owners to help them develop appropriate processes and solutions
- Coordinate support of Subject Matter Experts and Control processes for the projects (such as source code review, Application Design Security Frameworks (ADSF) & other GIS groups as needed)
- Work with technical architect partners and other BISO teams to incorporate technical documentation into Architectural Patterns / Designs
- Upon request of management, research and document technologies and architecture patterns, to guide implementation of desired security controls
- Work with the global BISO Operations organization to ensure that APAC businesses are supported in an effective, consistent and timely way
- Experience within a technology/financial organization at a mid-level with good knowledge of Information Security controls and risks across all levels of the OSI (Open Systems Interconnection) model
- Experience analyzing projects and project artefacts such as detailed network diagrams and data flows, from a risk-based perspective
- Ability to research and understand complex technology as well as Information Security industry best practices and associated risks
- Excellent oral and written briefing skills with the ability to communicate Information Security and complex technology concepts to a variety of audiences
- Experience within an information security technology operational, engineering or consulting team with good knowledge of the security controls employed by the firm
- Understanding of the concepts of vulnerability management and associated monitoring solutions and practices
- Strong interpersonal skills to be able to communicate, influence and negotiate with both senior stakeholders and project managers to obtain or leverage necessary resources
- Outstanding organizational skills and ability to work in a dynamic environment and balance multiple projects at a given time
- Optional: CISSP, CISM, SANS GIAC GSEC or equivalent qualification
- Subject matter experience in one or more of the following areas: Cloud Service offering and security control options for Cloud vendors (Azure, AWS, Google, IBM, etc.), encryption, application security, network security, database security, Artificial Intelligence, mobile applications
- Previous experience working within a Technology or Information Security Function
- Show ability to work as part of a team