Risk Analyst

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:

Come join an exciting team within Global Information Security (GIS). Cyber Security Technology (CST) is a globally distributed team responsible for cyber security innovation and architecture, engineering, solutions and capabilities development, cyber resiliency, access management engineering, data strategy, deployment maintenance, technical project management and information technology security control support.

This role is responsible for completing and tracking compliance deliverables to ensure applications adhere to applicable policies and standards as well as local laws, rules and regulations (LRR). Key responsibilities include completing administrative and non-technical tasks related to compliance deliverables. They ensure technical security, risk, and other compliance activities are completed on-time and per requirements. These individuals partner closely with control functions, risk management and Global Information Security (GIS) and are familiar with the applicable policies, standards, LRRs, contacts and procedures so that the compliance deliverables are completed effectively and efficiently.

Primary Level of Engagement: Works with multiple teams and managers at the program level, under the supervision from a more senior domain expert or manager.

Primary Interactions:

• Product Owner
• Feature Lead
• Development Team
• Technology Manager
• Senior Technology Manager
• Enterprise Control Partners

Key Responsibilities:

• Ensure that risk, security, and other compliance deliverables are completed on time and per requirements for the applications they support.
• Complete administrative and non-technical tasks related to compliance deliverables (for example, access reviews, assessments, questionnaires, procedural requirements, and so on).
• Assist with audit exams and risk assessments for applications.
• Track and support the technical security and risk activities performed by the development teams (for example, remediation of non-permitted technology or security vulnerabilities, technical recovery planning, disaster recovery exercises, and so on).
• Assist with ad hoc inquiries and questions.

Required skills:

• Ideal candidate will have 3+ years of experience working to support external reviews from partners.
• Ability to manage multiple risk deliverables
• Understanding of audit, compliance, and regulatory language
• A deep understanding and demonstrable experience of setting standards and development of procedures that deliver end-to-end, tightly monitored and supported risk management procedures.
• Proven demonstrable leadership skills to inspire and motivate people at all levels to deliver risk programs through to successful conclusion – including experience of building and managing matrix driven multi-disciplinary resources.
• Strong written and verbal communication skills are required. Candidates will need to be able to work across the Enterprise to complete their responsibilities.
• Demonstrated analytical, logical reasoning, risk versus reward and problem-solving skills

Desired skills:

• Knowledge of and experience with enterprise policies, programs, procedures, and systems

Enterprise Role Overview:

This job is responsible for developing and supporting enterprise-wide information security policies, procedures, and standards. Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to establish and maintain policies, validate alignment of processes and controls to requirements, and report on adherence to policy requirements. Job expectations include using data analytics and partnering with internal teams to verify policy compliance, identify gaps in coverage, and support remediation activities.

Shift:

Hours Per Week: