Back to search results

Information Security Executive

Charlotte, North Carolina;

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Cyber Security Technology (CST) function within Global Information Security is responsible for innovation and architecture, engineering, solutions and capabilities development, deployment maintenance and support of information technology security controls. The CST team is also responsible for the management of the program/project management teams.

This position will be a member of the Global Information Security (GIS) Cyber Security Technology (CST) leadership team.  The individual will lead the Advanced Risk Research  (ARR) team responsible for identifying, analyzing, quantifying and proposing remediations for potential security concerns across any technology platform in the bank.

The team will unearth the inconsistencies and partial compliance with our intended control framework that could lead to an exploit or regulatory sanctions due to non-compliance. The team is a technology-focused group that works in partnership with organizations across the bank to address any gaps that they identify. They have a strong connection across their peers in the Cyber Security Technology team, and provide support and risk context to the developers and engineers who are the technical SMEs.

The leader of the ARR team needs to have excellent business judgment to evaluate the seriousness and urgency of any technology-related control gap, and to marshal the appropriate enterprise response. They need to have independent risk assessment skills to bring a proportionate solution to bear. They will be collaborative and have strong influencing skills to engage with groups outside GIS to achieve our commercially appropriate outcomes.
Key Responsibilities:
Manage the team consists of technologists who understand the control requirements, technology stack and can analyze the end-to-end technology solutions to identify gaps.  Examples include: inappropriate privileged access, prioritization of MFA for privileged account usage, identification of misuse of privileged escalation, ensuring confidentiality and integrity is protected within and between environments, designing and leveraging data analytics and discovery techniques to provide control sustainability.
Partner with the GT&O risk and control professionals to identify, record and monitor potential issues.

Role Qualifications:
Extensive risk management experience with demonstrable ability to effectively use processes and controls
Experience working with technology-related control gaps
Understanding of Enterprise Controls, Business processes and their dependencies on the control framework, Malware management, Insider & Incident Response, System defense, Application Security and Insider Threat

Identify and evaluate risks along with processes and controls to minimize impact; actively debate and escalate issues and concerns
Critical thinking/analytical skills; Strong analysis and fact-based decision-making
Ability to communicate complex information in simple terms (oral and written)
Strong organization skills with the ability to prioritize requests and workload accordingly
Influence horizontally and vertically across the organization and diverse audiences with varying degrees of risk management understanding
Exhibit strong relationship management and interpersonal skills
Ability to lead across multiple lines of business to orchestrate cohesive risk & controls oversight and process management.

Key Stakeholders:
Technology Risk (2nd line)
Corporate Audit
Risk partners in GT&O (TI, CDO, CSWT & GBAMT)
External auditors (SOX, SOC1/2)
SME engagement in regulator exams
Industry partnerships


1st shift (United States of America)

Hours Per Week: 


Learn more about this role

Full time


Manages People: Yes

Travel: Yes, 10% of the time


Talent Acquisition Contact:

Referral Bonus: