Sr. Business Information Security Officer (Sr. BISO)

Washington, District of Columbia;

Job Description:

Bank of America is looking for people with a passion for cyber security. Are you someone who loves complex problems, someone who can work with technologists and the businesses to enable best-of-breed technology solutions securely? Then we want to meet you.

The Senior Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions.

This is a technical consulting and relationship champion role. In this role you will help drive secure technology solutions, help drive innovation and prioritization of security and risk initiatives within the CIO teams.

Leadership/Strategy

  • Be recognized as the Information Security subject matter expert and participate in the development, implementation and maintenance of information security for the line of business (LOB)
  • Drives Global Information Security (GIS)/LOB risk deliverables through influence and accountability
  • Participates in senior LOB specific risk management and business continuity routines
  • Drives required risk culture and partnership with peer technology teams and supported LOB

Scale/Scope

  • Drive the adoption of secure application design, integration with best modern SDLC and CI/CD application security practices, testing methodologies and post-production risk governance
  • Monitors information security trends internal and external to the bank and keeps Line of Business (LOB) leadership informed about information security-related
  • Advises LOB management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs
  • Leverage risk based reporting to shape the risk posture and subsequently derive guidance to improve information security adoption across the enterprise

Required Skills

  • Candidate needs to have outstanding technical background and solid understanding of application security (including OWASP), network security, Identity and Access Management, cryptography and cloud security principles.
  • Experience assessing and mitigating cyber security risks related to application, network, infrastructure and public cloud.
  • Knowledge and experience of virtualization and container security principles highly desirable.
  • Analyze systems, threat model new features, identify security vulnerabilities in implementation, and recommend cloud security controls to ensure end to end protection
  • Outstanding executive presence; the successful candidate will be pragmatic, collaborative and have relationship management expertise.
  • Passion to learn emerging technology and continue understanding of the info security landscape
  • Significant experience in cyber security, software, network or infrastructure engineering.
  • Ability to navigate across organizational or perceived boundaries with incomplete information to achieve successful outcomes

Desired skills:

  • CISA, CISSP, or CISM certification
  • 7+ years of risk management or information security experience with proven ability to effectively apply risk principles to challenging business situations

Enterprise Job Description: Partners closely with line of business leaders to inform security risk-based decisions. Leverages deep understanding of the business and strong business acumen to provide information security expertise to key stakeholders. Utilizes experience and deep knowledge of IT platforms, tools and concepts to ensure cybersecurity requirements are integrated into all levels of decision making. Partners with business leaders, key stakeholders, vendors and/or external parties to inform security risk-based decisions. Ensures partners are executing Secure by Design efforts effectively and efficiently. Typically has 6-10 years of relevant experience. May mentor other members of the team.

Job Band:

H4

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Learn more about this role

Full time

JR-21053000

Band: H4

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

Stuart Collier

Referral Bonus:

0

Starting Colorado pay:

$127,500 annual salary

Starting pay explanation

This is the starting pay; actual offers are to be negotiated based on the applicant’s skills, experience and education.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible. We provide industry-leading benefits, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.
