Information Security Control Alignment & Governance Analyst
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture that has specific requirements for office-based attendance and allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
The Control Governance Mapping Team is seeking a candidate with strong cybersecurity, technology infrastructure, and regulatory experience to support the Bank of America Policy Governance Lifecycle. This role analyzes and maps laws, rules, and regulations (LRRs) to enterprise policies, evaluates control alignment, identifies coverage gaps, and partners with internal stakeholders to drive remediation and ensure ongoing policy adherence.
Key Responsibilities
• Analyze and interpret LRRs; map requirements to enterprise policies, processes, and controls.
• Support development and governance of information security policies aligned to NIST, COBIT, ISO, and internal standards.
• Identify gaps in control coverage and partner with teams to drive remediation.
• Conduct deep-dive reviews of technical processes to validate compliance.
• Use data analytics to assess adherence trends and produce clear reporting.
• Collaborate with Line of Business partners, control teams, and regulators on governance and risk mitigation activities.
Required Qualifications
• Background in information security policy and regulatory compliance in a regulated environment.
• Strong ability to interpret LRRs and apply them to policy and standards.
• Experience assessing controls, identifying gaps, and supporting remediation.
• Strong interpersonal and communication skills for working with senior leaders and technical SMEs.
• Ability to analyze data, identify trends, and communicate insights.
• Comfort deconstructing complex technical processes to validate adherence.
Skills:
Customer and Client Focus
Interpret Relevant Laws, Rules, and Regulations
Policies, Procedures, and Guidelines
Problem Solving
Quality Assurance
Business Acumen
Controls Management
Innovative Thinking
Process Management
Stakeholder Management
Business Process Analysis
Data Governance
Data Privacy and Protection
Data and Trend Analysis
Risk Analytics
Shift:
1st shift (United States of America)
Hours Per Week:
40