Information Security Vulnerability Analysis Manager

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:
Manages a team or teams accountable for providing cybersecurity defense across multiple disciplines. Leads the analysis, implementation, execution and ongoing improvement of proactive security controls to prevent external threat actors from infiltrating company information or systems. Utilizes experience and deep knowledge of IT platforms, tools, and concepts to ensure cybersecurity protection is integrated at all layers of defense. Leads alert responses and problem solving workgroups across multiple functions with a focus on the enterprise risk framework. Typically has over 10 years of relevant experience including managing teams.

The Vulnerability Analysis (VA) team is a global function responsible for the evaluation and of security vulnerabilities to enable appropriate remediation across the company. This Vulnerability Analysis Manager role is responsible for leading the day to day operations of the domestic US vulnerability analysis team and coordinating with leadership of our non-US VA teams to ensure delivery of a comprehensive follow-the-sun vulnerability analysis function. This role will interface with the GIS executive team on a regular basis regarding vulnerability-related matters, including advising on the risk of zero day vulnerabilities and triage of potential incidents.

In this role, you will

• Enable the continued development and growth of information security professionals

• Develop and maintain a repeatable vulnerability analysis process grounded in industry best practices.

• Ensure accurate and data driven analysis results in appropriate remediation prioritization.

• Execute quality assurance routines to ensure timely and defensible analysis and rating decisions.

• Lead vulnerability management incident response activities for zero-day or high severity vulnerability events.

• Engage with all levels of professionals and managers companywide and serve as an experienced advisor to leadership.

• Consult with leadership and security peers and experts on complex security issues and findings.

• Be an effective communicator frequently switching between technical & non-technical partners.

Required Qualifications:

• 10+ years of experience in cyber security

• 5+ years of management experience

• Knowledge of industry standard scoring models such as CVSS, CCSS

• Strong familiarity with OWASP Top 10 vulnerabilities, SANS 25, MITRE, and CWEs

• Knowledge of vulnerability attack methods, exploit results, attack chains

• Knowledge of industry standard data models such as CPE and data normalization tools

• Ability to proactively anticipate problems and execute solutions at a strategic level

• Ability to triage and isolate key facts to make informed recommendations to leadership on vulnerability management matters, often based on incomplete information

• Excellent analytical skills/problem solving/conceptual thinking

• Excellent communication skills, both verbal and written

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

Hours Per Week: