Information Security Controls Senior Specialist
Charlotte, North Carolina;Atlanta, Georgia; Addison, Texas; Denver, Colorado; Jersey City, New Jersey; Washington, District of Columbia; Jacksonville, Florida; Chicago, Illinois
**Job Description:**
The Information Security Controls Senior Specialist will assist in the management and governance of GIS processes and related operational controls to drive alignment to enterprise policy. As a member of the Process Excellence team, you will serve as an ambassador for the process inventory by ensuring changes are socialized across GIS as well as FLU/CIO forums for applicable processes.
Provide analytical support in monitoring of internal process and control performance. Work with the GIS Process Owners, Control Owners and COO team to ensure process inventory reflects current organization. Also interface with our GCOR, Risk and Audit partners to inspect the completeness and accuracy of the process inventory. Prepare documentation for tracking, monitoring and socialization of process inventory changes to senior leaders and various governance forums.
Responsibilities of the position include:
Manage processes, risks, controls and performance metrics associated with the GIS process inventory
Partner with GCOR to define, document and improve engagement model for challenges, targeted assessments, monitoring and testing of GIS processes and controls
Educate GIS Process Owners, Process Delegates, Control Owners about roles and responsibilities
Partner with GIS Process Owners and FLU/CIO stakeholders to ensure centrally-owned GIS processes are well understood and socialized
Lead / facilitate meetings to review, understand and socialize needed changes to the process inventory
Review materials provided to ensure process changes consistent with enterprise policy
Understand the relationship between processes across GIS and determination of how they affect the divisions
Requirements:
Prior Governance, Risk, Compliance, and or Audit experience is desired
Prior experience with process, risks and controls management and governance
Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
Strong leadership skills and qualities which enable you to work with peers and various levels of management
Prior background in management experience with demonstrable ability to effectively apply risk principles to challenging business situations
Extensive information security expertise
Critical thinking/analytical skills
Strong analysis and fact-based decision-making
Ability to communicate complex information in simple terms (oral and written)
Strong organization skills with the ability to prioritize requests and workload accordingly
Enterprise Role Overview - Oversees, evaluates, and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new IT systems meet Enterprise information security requirements and risk appetite. Leverages experience and deep knowledge of IT platforms, tools and concepts, such as network devices and topologies, servers and systems architectures. Leverages subject matter expertise in information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, tools, laws, rules, regulations, and/or coordinates efforts to mitigate/remediate information security risks. Responsible for working with or providing oversight of relationships with internal and external stakeholders (ex: LOB delegates, SMEs, regulators). Develops, refines, implements, and/or governs Enterprise-wide information security policies, procedures, and standards, as well as industry-leading information security reporting, risk scoring, and governance for the Enterprise. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 5-10 years of relevant experience and is an individual contributor.
**Job Band:**
H4
**Shift:**
1st shift (United States of America)
**Hours Per Week:**
40
**Weekly Schedule:**
**Referral Bonus Amount:**
0
**Job Description:**
The Information Security Controls Senior Specialist will assist in the management and governance of GIS processes and related operational controls to drive alignment to enterprise policy. As a member of the Process Excellence team, you will serve as an ambassador for the process inventory by ensuring changes are socialized across GIS as well as FLU/CIO forums for applicable processes.
Provide analytical support in monitoring of internal process and control performance. Work with the GIS Process Owners, Control Owners and COO team to ensure process inventory reflects current organization. Also interface with our GCOR, Risk and Audit partners to inspect the completeness and accuracy of the process inventory. Prepare documentation for tracking, monitoring and socialization of process inventory changes to senior leaders and various governance forums.
Responsibilities of the position include:
Manage processes, risks, controls and performance metrics associated with the GIS process inventory
Partner with GCOR to define, document and improve engagement model for challenges, targeted assessments, monitoring and testing of GIS processes and controls
Educate GIS Process Owners, Process Delegates, Control Owners about roles and responsibilities
Partner with GIS Process Owners and FLU/CIO stakeholders to ensure centrally-owned GIS processes are well understood and socialized
Lead / facilitate meetings to review, understand and socialize needed changes to the process inventory
Review materials provided to ensure process changes consistent with enterprise policy
Understand the relationship between processes across GIS and determination of how they affect the divisions
Requirements:
Prior Governance, Risk, Compliance, and or Audit experience is desired
Prior experience with process, risks and controls management and governance
Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
Strong leadership skills and qualities which enable you to work with peers and various levels of management
Prior background in management experience with demonstrable ability to effectively apply risk principles to challenging business situations
Extensive information security expertise
Critical thinking/analytical skills
Strong analysis and fact-based decision-making
Ability to communicate complex information in simple terms (oral and written)
Strong organization skills with the ability to prioritize requests and workload accordingly
Enterprise Role Overview - Oversees, evaluates, and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new IT systems meet Enterprise information security requirements and risk appetite. Leverages experience and deep knowledge of IT platforms, tools and concepts, such as network devices and topologies, servers and systems architectures. Leverages subject matter expertise in information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, tools, laws, rules, regulations, and/or coordinates efforts to mitigate/remediate information security risks. Responsible for working with or providing oversight of relationships with internal and external stakeholders (ex: LOB delegates, SMEs, regulators). Develops, refines, implements, and/or governs Enterprise-wide information security policies, procedures, and standards, as well as industry-leading information security reporting, risk scoring, and governance for the Enterprise. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 5-10 years of relevant experience and is an individual contributor.
**Shift:**
1st shift (United States of America)
**Hours Per Week:**
40
Learn more about this role
Full time
JR-22082169
Band: H4
Manages People: No
Travel: No
Manager:
Talent Acquisition Contact:
Michael Maples
Referral Bonus:
0
Colorado pay and benefits information
**Colorado pay range:**
$125,000 - $155,000
annualized salary, offers to be determined based on experience, education and skill set.
**Discretionary incentive eligible**
This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.
**Benefits**
This role is currently benefits eligible . We provide industry-leading benefits, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.
Jersey City pay and benefits information
**Jersey City pay range:**
$125,000 - $155,000
annualized salary, offers to be determined based on experience, education and skill set.
**Discretionary incentive eligible**
This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.
**Benefits**
This role is currently benefits eligible . We provide industry-leading benefits, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .
To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP\_EEO\_Supplement\_Final\_JRF\_QA\_508c.pdf) .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (Policy) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of Americas Drug-free workplace and alcohol policy, CLICK HERE .
