Compliance and Operational Risk Manager (Malware Controls)

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Role Responsibilities:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (FLU/CF) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management (CORM) Program and Standard Operating Procedures (SOPs).

As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

Malware SME
The malware SME role performs technical deep dives and targeted assessments on Global Information Security’s ability to prevent, detect and respond to advance malware threats. The role requires strong knowledge of operational process for responding to and eradicating malware. The role also requires a strong understanding of the end-to-end process a threat actor commonly follows to reach action on objections (e.g. Cyber Kill Chain). 
 

Required Skills: 

• 8+ years of experience with cyber security policies, processes and practices      

• 4+ years of experience assessing malware controls

• Very strong host and network technical acumen                          

• Very strong understanding of different malware types and behaviors

• Strong understanding of threat actor tactics, techniques and procedures 

• Strong understanding of indicators of compromise 

• Strong understanding of malware security tools and capabilities     

• Understanding of host analysis, forensics and reverse engineering

• Understanding of static and dynamic malware analysis and tools

• Understanding of cyber security risk management frameworks and models

• Understanding of security compliance and operational risk management   

• Ability to assess security controls and determine gaps in control coverage             

• Ability to effectively communicate residual risk point of view to senior stakeholders                

• CISSP, CISM or CRISC or equivalent required

• Technical degree                                                                                                                               

Shift:

Hours Per Week: