Information Security Risk Officer
- New York, NY, USA New York NY US
- Permanent, Full time
- Bank of America Corporation
- 21 Apr 18 2018-04-21
Information Security Risk Officer
The Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization for Global Banking and Markets, and work closely with the Global Markets Lead BISO & Sr. BISOs as well as a major contributor to the Global Banking and Markets Chief Information Officers (CIOs)/Chief Technology Officers (CTOs) teams to develop a strong information security risk-based program. This relationship will ensure a focus on the appropriate risk priorities for the Bank and the business. The Information Security Officer will report to the Sr. BISO for Global Markets Technology & Operations within the Global Information Security organization. Some items The Information Security Officer will focus should demonstrate knowledge and experience in the areas (Hands-on preferred):
• Contribute to the ongoing information security initiatives and improvements development, implementation and maintenance of information security for the line of business (LOB)
• Possess strong development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post production and the different risk elements associated with each step.
• Acts as a point of contact to the LOB during information security incidents
• Monitors information security trends internal and external to the bank and keeps LOB leadership informed about information security-related issues and activities affecting the organization.
• Manages quality control and reporting
• Strong understanding/background with modern programming languages (such as Python, Ruby, or Java)
• Worked on the development of systems requires identification and authorization of users
• Implementation and/or management of encryption on an application. Either the transmission of data or the storage of data and/or the management of the keys and certificates to protect the information/communication.
• Drives GIS/LOB risk deliverables
• Collaborates with risk partners on info security critical priorities
• Identifies and measures global information security (GIS) controls on most critical business processes or channels
- 2-5 years of experience in technology and 5 + years in information security
- 2-5 years of experience in application development or application security
- Must display subject matter experience in application security, vulnerability testing, system testing, and/or Agile lifecycle management
- Strong LOB knowledge/experience for the type of business they are aligned to (e.g..CSBB/GBM)
- 1-2 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
- Experience giving presentations and excellent communication skills
- Bachelor's and/or Master's degree in Computer Science, Information Technology or related field
Enterprise Role Overview:
As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
1st shift (United States of America)
Hours Per Week: