Evaluation Analyst

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates’ physical, emotional, and financial wellness through affordable, competitive and flexible benefits.

We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve.

Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:

The Global Information Security organization (GIS) at Bank of America protects bank information systems, confidential and proprietary data, and customer information. The Cyber Threat Evaluation and Prevention Team (CTEP) assesses threats and emerging risks, evaluates cyber security controls, and defines observations to remediate risks.

The Cyber Threat Evaluation and Prevention Program:

• Analyzes threats and incidents to the bank.
• Identifies gaps to be remediated by process and control owners.
• Evaluates and influences the improvement of Bank of America’s risk and control environment for cyber security threats and emerging risks.

Within CTEP, the Evaluation team:

• Analyzes threats and incidents sourced from GIS partner teams to identify and triage process and control weaknesses in context of risks arising from the threat.
• Documents defensive posture, process and control weaknesses, and overall risk of each threat.
• Reviews threats/incidents holistically to identify broad themes and strategic issues, enabling GIS to protect against cyber threats effectively and proactively.

The Role

The Evaluation Analyst plays an essential role in the Cyber Threat Defense Framework. The CTEP Evaluation Analyst conducts evaluations of threats and incidents and identifies opportunities for process and control enhancements. They support the organization in making decisions and taking action to improve how we defend the bank using threat led operations, in collaboration with other GIS control functions. The analyst conducts evaluations by engaging with subject matter experts and control owners, conducting independent research using various applications and tools and comprehensively documenting details on the threats and the banks defensive posture in the system of record. The analyst is also responsible for completing a Quality Assurance (QA) review to ensure all threats are comprehensive, complete, and accurate. Analyses include reviews of:

• Threats identified from internal and external intelligence sources.
• Cyber incidents and events managed at the Bank (e.g., Third-party incidents).
• Threat-based assessments conducted by GIS teams (e.g., Red Team).

Required Qualifications

• Strong technical writing capabilities; writing technical content in a broadly consumable format.
• Functional knowledge of information security, IT infrastructure, and risk management.
• Ability to prioritize and manage time effectively and work independently with minimal direction.
• Knowledge of Cyber Industry Frameworks like MITRE/NIST.
• Strategic thinking AND attention to detail – ability to think “like a threat actor.”
• Proficient computer/analytics skills – esp. Jira, Excel, Word, Power Point, Alteryx, etc.
• General understanding of bank policies, specific to data and privacy, third parties, incident management, vulnerability management, etc.

Desired Qualifications:

• Experience with cyber threat intelligence collection, analysis, and reporting.
• Experience responding to and managing security incidents and events.
• Experience creating, executing, and documenting assessments and exercises in JIRA.

Skills:

• Critical Thinking
• Customer and Client Focus
• Information Systems Management
• Problem Solving
• Threat Analysis
• Cyber Security
• Policies, Procedures, and Guidelines Management
• Quality Assurance
• Risk Analytics
• Technology System Assessment
• Business Acumen
• Business Intelligence
• Data Privacy and Protection
• Data and Trend Analysis
• Stakeholder Management

Shift:

Hours Per Week: