Senior Vice President, Cyber Threat Intelligence & Defense, Engagement & Assessment

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection.  Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference.  Join us!

Your background

• Excellent organizational and analytical skills.
• Proven experience with cyber threat intelligence related activities.
  • Mature understanding of network forensics as it pertains to technical intelligence and INFOSEC operations both tactically and strategically

• Ability to Effectively communicate (verbally, in writing and in presenting) with executives and stakeholders in non-technical terms while accurately encompassing risk, impact, likelihood, containment and remediation activities, and threat actor techniques, tactics and procedures.
• Ability to handle multiple work efforts in a fast-paced environment and to be able to quickly change direction as needed.
• Strong influencing skills.
• Ability to prioritize conflicting tasks.
• Familiarity with cyber threat landscape, geopolitical issues that could have cyber impacts, security vulnerabilities, exploits, malware, digital forensics, network security vulnerabilities, exploits and attacks.
• Ability to work in a strong team-oriented environment with a sense of urgency and resilience while being a self-starter and able to work independently.
• Ability to work effectively with technical and non-technical business owners

Qualifications

• Bachelor’s degree or higher-level education
• Proven communication skills and technical INFOSEC experience
• 10+ years’ experience to include the above E&A
• 5+ year engaging in operational collaboration and conducting technical analysis
• Experience working in a Security Operations or Fusion Center operation

Team Overview

Cyber Threat Intelligence & Defense (CTID) enhances capabilities and focus on intelligence driven; action-oriented evaluations relative to the Firms defensive capabilities.  CTID works with partners, both internal and external, to reduce risk to the firm and to the financial sector at large. The Engagement & Assessment (E&A) function is a sub-team within the Cyber Analysis & Defense directorate which has a global initiative to establish the strategy and execution of partnerships with peer financial institutions, law enforcement, intelligence community, academia, and researchers to facilitate information sharing. 

What you can expect

The Engagement &Assessment Leader will coordinate, integrate & execute the Firms global strategy and execution of the aforementioned partnerships in region. The Sydney based E&A lead is responsible for all external engagement assignments and deliverables in Australia.  In effort to keep pace with an expanding and dynamic threat landscape, the AU E&A lead will also work with the CTID’s Adversary Technical Intelligence (ATI) team; as part of a comprehensive threat intelligence program; to enrich, escalate and quantitively evaluate threats in region, discovered or observed via the engagement efforts. 

• For the engagement function, the candidate possesses a comprehensive list of external financial sector, critical infrastructure and government contacts in region, as well as an understanding of how cyber threats impact business objectives and requires excellent honed communication skills.
   
• For the assessment function, the candidate possesses a baseline understanding of cyber threat technical intelligence, centered on network intrusion, exploitation and post compromise objectives on target(s).  This baseline is required to identify what is actionable vs routine (for processing) as well as elements that can be used for investigations that profile adversary behaviors, infrastructure, tradecraft and capability for an active defensive posture.

What you will do

• Support the global strategy for external liaison management with the goal of improving information and knowledge pertaining to cyber threats that could impact the firm, including its customers, associates and/or facilities.
• Manage day-to-day operational aspects of:
  • CTI External Engagement and coordination with staff in EMEA, US and APAC
  • Coordinating and contributing to CTID’s Follow the Sun (FTS) Technical Intelligence operations

• Analyze information security events for tradecraft, infrastructure, malware and intent that may indicate a particular threat actor or threat actor group
• Actively engages in liaison activities and relationship building with regional government intelligence communities, financial Industry Associations, peer financial institutions, colleges and universities, researchers and information sharing communities. 
• Facilitates two-way information sharing and operational collaboration with external partners that are focused on firm’s Standing and Priority Intelligence Requirements (from Technical to Strategic)
• Facilitates sensitive information sharing with Intelligence Communities and Law Enforcement Agencies.
• Work in a tactical/technical role reviewing and cultivating intelligence sources, analyzing information and creating actionable intelligence.
• Maintain working knowledge of the broad cyber threat and geopolitical landscape
• Communicate complex topics effectively at all management levels of the organizations and educate and advise internal business and technical leaders regarding cyber threats and possible security solutions. Present internally and externally as required or per opportunity to expand footprint