
EAC Compliance & Operational Risk Specialist – Information Security

Charlotte, North Carolina

Job Description:

The Enterprise Area of Coverage (EAC) Compliance & Operational Risk (C&OR) Specialist is an individual contributor member of an EAC C&OR team that is responsible for enterprise-wide oversight of processes, controls, laws, rules, and/or regulations that have enterprise-wide applicability, affecting two or more Front Line Units or Control Functions (“FLU/CF”) (examples include Third Party, Privacy, Reg W). Responsibilities include identifying, escalating and mitigating risks in a timely manner in alignment with the C&OR Management (“CORM”) Program, with the Global Compliance -- Enterprise Policy, the Operational Risk Management -- Enterprise Policy (collectively “the Policies”), and delivering on the other requirements in the Policies.
The EAC C&OR Specialist assists in engaging other C&OR officers, including horizontal coverage owners and EAC, to provide comprehensive oversight of FLU/CF activities. This role assists in developing and maintaining a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The EAC C&OR Specialist also assists in preparing materials for C&OR regulatory exams/audits/inquiries and may assist with preparation for FLU/CF regulatory exams/audits/inquiries.

Activities this role performs for their area of coverage include, but are not limited to:

• Assists in the development of independent risk management reporting as input into governance and management routines
• Assists with the oversight of FLU/CF training, which may include content development and/or tracking and communication of completion rates
• Assists with the development and maintenance of C&OR-owned policies and standards to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintains a comprehensive regulatory inventory; may support communication of regulatory changes to the FLU/CF and ensure that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements
• Assists in identifying, aggregating, reporting, escalating, inspecting and challenging remediation plans, and performing thematic analysis on FLU/CF-owned issues and control enhancements
• Assists in remediating C&OR “owned” issues and control enhancements
• Executes C&OR Monitoring, Testing, and Assessments; communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Supports the review and challenge of internal and external operational loss events, including development of remediation plans to strengthen controls
• Supports Scenario Analysis activities to provide a forward-looking estimate of hypothetical operational losses
• Assists with the development of risk metrics, monitors related performance and breach remediation

Provide Compliance and Operational Risk, 2nd line oversight and coverage of Global Information Security. The role will play a critical role in performing second line risk coverage activities of Global Information Security business operations.

The role requires experience and expertise with escalating, debating and challenging significant operational and compliance risks as appropriate. Primary coverage and activity will be focused on monitoring, testing and assessing the processes and controls aligned to Global Information Security.

The position will engage with various Information Security Program areas and the central Planning, Controls and Governance team for Global Information Security.

The role is focused on detecting, remediating and preventing compliance and operational risks across the enterprise, including self-inspection programs; standards, policy and rule governance; and program execution in support of the Bank of America Risk Framework.

Activities include:

• Provide Compliance and Operational Risk guidance to Global Information Security.
• Perform Risk Coverage activities through risk reviews and assessments to identify opportunities to reduce thematic risks related to information security.
• Review and challenge security controls and risks related to the core information security functions (network & infrastructure security, data protection, application security, threat prevention, incident & event management, third party info security, and identity & access management)
• Review, challenge, monitor, assess and test Process, Risks and Controls (PRC).
• Apply subject matter expertise and technology experience to provide insight and risk mitigation recommendations to improve business processes.
• Conduct program, process and forward-looking assessments.
• Effectively communicate and report on Compliance and Operational risk oversight and coverage.
• Maintain knowledge of regulatory expectations related to Information Security.

Required Skills:
-General background and understanding of information security concepts, processes and operations.
-Foundational knowledge of application and infrastructure security requirements
-Knowledge of key technology rules and regulatory requirements for IT risk management practices for financial institutions, such as FFIEC Guidelines, Vendor Management Requirements, and the Gramm-Leach-Bliley Act (GLBA).
-Experience in writing and communicating assessment conclusions and outcomes to key executives and regulators.
-Ability to translate technical issues, application weaknesses and security control gaps into Compliance and Operational Risk points of view
-Ability to communicate action plans and remediation requirements for identified areas of risk and key issues.
-Relationship management skills and ability to interface confidently with associates of all levels, including senior executives
-Ability to influence at all management levels in a complex organization
-Strong ability to self-direct work and to identify appropriate coverage activities for key areas of focus.
-Familiarity and general knowledge of the enterprise business areas and functions.
-Excellent written and verbal communication skills.
-Bachelor’s Degree or Equivalent Experience

Desired Skills
-2+ years’ experience in risk, information security and/or technology for a financial services organization.
-Master's or advanced degree in risk management or information security discipline

-Knowledge of or certification in law, rule, regulation or area of coverage (e.g., SCRA, Privacy); International Association of Privacy Professionals (IAPP) accredited certification programs for Privacy EAC


Degree Required: Bachelor’s Degree or equivalent experience

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Full time

JR-21047724

Band: H5

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

James Henry

Referral Bonus:

0

Street Address

Primary Location:
100 N TRYON ST, NC, Charlotte, 28255