Policy, Regulation, Risk and Governance Strategy Lead (Cyber Security)

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates’ physical, emotional, and financial wellness through affordable, competitive and flexible benefits.

We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve.

Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:

The Policy, Regulation, Risk and Governance Strategy (Cyber Security) lead will be accountable for 2 core outcomes:

• Modernizing BAU activities, including enabling AI-supported workflows for regulatory and framework mapping, standards mapping and baseline development.
• Pivoting the policy team from an execution heavy function into a strategic advisory capability that improves how governance artifacts are developed, maintained and scaled across the broader organization

Responsibilities

• Transform the operating model from manual, resource-intensive processes into a standardized, workflow-driven approach to reduce reliance on individual effort. Assess BAU activities to eliminate duplication, bottlenecks, and quality gaps, improving speed, consistency, and repeatability. Redesign workflows with a risk-based lens to streamline execution, reduce rework, and enable AI-supported processes while preparing for offshore support and maintaining focus on advisory and quality assurance.
• Implement a risk-based framework for prioritization, escalation, tracking, and quality review to increase transparency and reduce unit cost. Deliver executive-ready insights to leadership and shift the policy function to a value-added advisory model that empowers stakeholders, distributes ownership, and enables connected data access.
• Define a target operating model with standardized methods, templates, and minimum content requirements to ensure consistency and alignment to enterprise standards. Strengthen quality assurance through defined criteria and ongoing monitoring of regulatory and threat changes, supported by knowledge management, playbooks, training, and coaching to sustain adoption.

Required Qualifications

• 10+ years of professional experience in Cyber Security, Governance, Law or Policy
• Proven experience in process re-engineering
• Deep knowledge of policy and laws, rules and regulations related to Cyber security
• Bachelor's degree in Cyber Security, Computer Science, Information Security, Law, Public Policy or related experience.

Desired Qualifications

• CISSP, CISM, CRISC

Skills:

• Customer and Client Focus
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Process Analysis
• Data Privacy and Protection
• Innovative Thinking
• Risk Analytics
• Stakeholder Management
• Business Acumen
• Business Continuity Management
• Data Governance
• External Resource Management
• Information Systems Management

Shift:

Hours Per Week: