Compliance and Operational Risk Manager (Security Log Management)

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Role Responsibilities:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (FLU/CF) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management (CORM) Program and Standard Operating Procedures (SOPs).

As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

Logging and Monitoring SME
The logging and monitoring SME performs technical deep dives and targeted assessment on Global Information Security’s ability to detect anomalous/malicious activity through proper use case development, logging and monitoring. This role analyzes the use case construction,  technical nuances in log data to ensure effectiveness in detection, alert lifecycle maintenance and fidelity of alerting. 
 

Required Skills:

• 8+ years of experience with cyber security policies, processes and practices

• 4+ years of experience with enterprise security log management 

• Very strong knowledge of network, application and host logging

• Very strong knowledge of Security Information and Event Management (SIEM) analysis, monitoring and alerting

• Understanding of deployment, configuration, and maintenance of log agents across UNIX and Windows platforms

• Knowledge of regular expression, scripting, and application development languages

• Knowledge of alert lifecycle management 

• Understanding of cyber security risk management frameworks and models

• Understanding of security compliance and operational risk management           

• Ability to assess security controls and determine gaps in control coverage

• Ability to effectively communicate residual risk point of view to senior stakeholders                                                                                        

• CISSP, CISM or CRISC or equivalent required 

Desired Skills:

Technical degree

Shift:

Hours Per Week: