girl looking into her desktop
Back to search results

GIS Application Security Strategy Implementation Executive

Chicago, Illinois;

Job Description:

GIS Application Security Strategy Implementation 
Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information.  GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. 

The focus of the Application Security team is to ensure technology teams Design for Security from the beginning and through the Software Development Life Cycle (SDLC) to reduce the likelihood of future software and infrastructure issues that may compromise the firm’s information security. This team will focus on designing systems to be secure from the start and partner closely with technology teams and control partners to build security into technology selection and management processes and automate information security controls. The team will include architects, engineers and developers to ensure security is built into systems from the ground up by starting with robust architecture design and continuing through the ongoing management of technology resources.  
 
Role Description:  This position will report to the leader of Application Security. This individual will lead the program management efforts of the Application Security team as described above.  

Key Responsibilities:
• Execute overall Program management of the efforts on Application security 
• Partner closely with the Application Security team in their work with internal and external technology and control partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software
• Establish Program management governance, structure, processes and partnerships to drive Application Security efforts across various stakeholder groups
• Drive liaison and partnerships with various stakeholders to enable Application Security ensure Secure Design principles are considered at all points in the development lifecycle and adopted by technology teams
• Manage an integrated view of various efforts around ADSF etc. 
• Manage, monitor, and maintain cybersecurity risk governance and management 
• Strong communication skills, experience leading large, cross-organizational change programs, implementing/evaluating new products and navigating a large organization in a matrix environment are beneficial

Role Qualifications
• Possess strong / experienced application development and/or application security background
• Strong Program management skills 
• Experience in building, establishing and directing large, complex programs across a variety of stakeholders and sub lines of business
• Domain expertise in secure design principles
• Domain expertise in application development and/or security engineering
• Understanding of security analytics, threat intelligence, system defense and application security (including self-serve tools for developers) 
• Understanding of malware, vulnerability/exposure surface and incident response 

Skills:
• Information Security & Technology professional with 10 years’ experience 
• Subject matter expertise in application security and vulnerability testing 
• Strong Program management
• Ability to influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding 
• Ability to interact with and influence senior leaders 
• Strong Risk management mindset  
• Exhibit strong relationship management and interpersonal skills
• Critical thinking/analytical skills
• Strong analysis and fact-based decision-making
• Ability to integrate data from multiple sources
• Ability to communicate complex information in simple terms (oral and written)
• Strong organization skills with the ability to prioritize requests and workload accordingly
• Ability to influence across multiple lines of business to orchestrate cohesive risk & controls oversight and process management

Job Band:

H3

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Job Description:

GIS Application Security Strategy Implementation 
Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information.  GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. 

The focus of the Application Security team is to ensure technology teams Design for Security from the beginning and through the Software Development Life Cycle (SDLC) to reduce the likelihood of future software and infrastructure issues that may compromise the firm’s information security. This team will focus on designing systems to be secure from the start and partner closely with technology teams and control partners to build security into technology selection and management processes and automate information security controls. The team will include architects, engineers and developers to ensure security is built into systems from the ground up by starting with robust architecture design and continuing through the ongoing management of technology resources.  
 
Role Description:  This position will report to the leader of Application Security. This individual will lead the program management efforts of the Application Security team as described above.  

Key Responsibilities:
• Execute overall Program management of the efforts on Application security 
• Partner closely with the Application Security team in their work with internal and external technology and control partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software
• Establish Program management governance, structure, processes and partnerships to drive Application Security efforts across various stakeholder groups
• Drive liaison and partnerships with various stakeholders to enable Application Security ensure Secure Design principles are considered at all points in the development lifecycle and adopted by technology teams
• Manage an integrated view of various efforts around ADSF etc. 
• Manage, monitor, and maintain cybersecurity risk governance and management 
• Strong communication skills, experience leading large, cross-organizational change programs, implementing/evaluating new products and navigating a large organization in a matrix environment are beneficial

Role Qualifications
• Possess strong / experienced application development and/or application security background
• Strong Program management skills 
• Experience in building, establishing and directing large, complex programs across a variety of stakeholders and sub lines of business
• Domain expertise in secure design principles
• Domain expertise in application development and/or security engineering
• Understanding of security analytics, threat intelligence, system defense and application security (including self-serve tools for developers) 
• Understanding of malware, vulnerability/exposure surface and incident response 

Skills:
• Information Security & Technology professional with 10 years’ experience 
• Subject matter expertise in application security and vulnerability testing 
• Strong Program management
• Ability to influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding 
• Ability to interact with and influence senior leaders 
• Strong Risk management mindset  
• Exhibit strong relationship management and interpersonal skills
• Critical thinking/analytical skills
• Strong analysis and fact-based decision-making
• Ability to integrate data from multiple sources
• Ability to communicate complex information in simple terms (oral and written)
• Strong organization skills with the ability to prioritize requests and workload accordingly
• Ability to influence across multiple lines of business to orchestrate cohesive risk & controls oversight and process management

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-21043032

Band: H3

Manages People: Yes

Travel: No

Manager:

Talent Acquisition Contact:

Jeffrey Fowler

Referral Bonus:

0

Colorado job seekers

Colorado pay range:

$175,000 - $285,000 annualized salary, offers to be negotiated based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the Corporate Performance Incentive Plan. Qualified employees are eligible for an annual discretionary award based on their overall individual results and behaviors performance at year-end (limited roles may also qualify for incentives during performance year).

Benefits

This role is eligible for all usual company benefits. At Bank of America, our employees are the foundation of our success. That’s why we’re committed to offering a variety of competitive programs and benefits that support your physical, emotional and financial wellness both at work and at home.