Third Party Information Security Consultant, Global Information Security

Job Description:

Your background

• Previous information technology/security audit/assessment experience preferred.

• Ability to leverage attention to detail and analytical skills.

• Ability to multi-task and work both independently as well as part of an assessment team

• Ability to plan, execute and document assessment and remediation activities following established processes and procedures.

• Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.

• Minimally, CISSP and/or CISA certifications are required as well as five to eight years of experience in information security or business continuity.

• Technical skills include the domains of information security and business continuity including:

  • Information Security Controls (Cloud Security, Infrastructure Security, Access Management, Physical Security, Application Security, etc.),

  • IT Compliance, SOX Compliance

  • Change Management

  • Enterprise Risk Management

  • Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards.

• Ability to speak Mandarin and write in Simplified and Traditional Chinese due to interactions with 3rd parties in the Greater China region.

• Must be able to travel up to 25% of the time.

• Experience in Cloud technologies, OSINT and threat modeling will be advantageous.

What you can expect

The Third Party Cyber Security Assessor will conduct information security and business continuity assessments of third parties providing services to Bank of America. The assessor will examine a third party's program to determine if they meet the Bank’s requirements, identifying control gaps that may expose the Bank to risks and subsequently work with the third party on all remediation activities. 

To succeed in this role, you should be highly independent, motivated and possess strong, hands-on, technical knowledge of a wide range of information security and business continuity controls and the processes used for evaluating their design and effectiveness and possess strong written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.

There will be opportunities to be involved in projects to improve processes & transform the assessment program. This will enable you to leverage and grow your leadership skills as you'll be expose to various internal stakeholders and industry partners.

What you will do

• Manage and execute assessments of third parties providing services to Bank of America.

• Evaluate design and effectiveness of controls implemented by third parties providing services to Bank of America

• Drive remediation of issues identified through the assessments and any subsequent risk conversations with the third parties and other internal stakeholders.

• Interface with external third parties and internal line of business stakeholders to provide consultation on information security topics and build strong working relationships with these parties.

• Partner with regional and global GIS teammates to collaborate on opportunities and to identify, analyze, and resolve complex problems or security gaps.

• Contribute to the development and transformation of the Third Party Cyber Assurance program

• Conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determine appropriate controls to mitigate risks.

• Monitor, track, and manage risk mitigations and exceptions and ensure adequate monitoring capability is incorporated into solutions.

About Bank of America

Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.

Connecting Asia Pacific to the world

Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.