Business Information Security Officer

Bank Of America Corporation Chicago , IL 60602

Posted 2 weeks ago

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Business Information Security Officer (BISO) function within Global Information Security is responsible for information security control enforcement, cybersecurity awareness, and enablement across all lines of business, enterprise functions, technology, and operations teams. The BISO team also leads cybersecurity external engagement.

The Senior Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies and controls.


  • Possess strong / experienced application development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step.

  • Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for the line of business (LOB)

  • Provides guidance and advocacy regarding the prioritization of LOB investments that impact information security

  • Advises LOB management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs

  • Monitors information security trends internal and external to the bank and keeps LOB leadership informed about information security-related

  • Manages quality control and reporting

  • Ensures compliance with policies and laws

Risk Management

  • Drives GIS/LOB risk deliverables

  • Collaborates with risk partners on info security critical priorities

  • Participates in senior LOB specific Risk Management & Business Continuity Routines

  • Identifies and measures global information security (GIS) controls on most critical business processes or channels


  • Has a deep understanding of security for computing platforms (PaaS)

  • Has a solid grasp of security in big data and other instructed large data structures

  • Ability to build strong Partner relationships with peer technology groups and supported LOB

  • Supports the triage process with the client and helps them understand the GIS support structure

  • Drives required risk culture and partnership with peer technology teams and supported LOB

  • Participates in key CIO operating routines to drive information security risk strategy

Required Skills

  • Information Security & Technology professional with 10+ years' experience

  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations

  • Subject matter expertise in application security, vulnerability testing and development of risk appetite

  • Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)

  • Experience with information security for No SQL, Big Data , and unstructured data stores (Cassandra, Hadoop, and /or Teradata)

  • Knowledge in Windows, Midrange and Mainframe Platforms with emphasis on security and access controls.

  • Exceptional executive presentation and communication skills

  • Excellent influencing and problem resolution skills

  • Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding

  • Strong leadership skills and qualities which enable you to work with peers and various levels of management

Desired Skills:

  • Bachelors and/or Master's degree in Computer Science, Information Technology or related field


1st shift (United States of America)

Hours Per Week:


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Security Engineer 5 Threat Disruptions

Wells Fargo

Posted 5 days ago

VIEW JOBS 3/26/2020 12:00:00 AM 2020-06-24T00:00 Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as "Personal Cell" or "Cellular" in the contact information of your application. At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers. INFORMATION SECURITY: Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Information and Cyber Security's (ICS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, IS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. IS is part of Wells Fargo's Technology organization and is led by the Chief Information Security Officer. Job Description: Our ICS team is looking for a strong cyber security professional to join our Threat Disruptions team. The ideal candidate will have a well-rounded background in incident response, threat detection, phishing, and cybercrime. The ideal candidate will have experience in conducting research and identifying methods to detect emerging cyber threats, attack methods, and evolving Tactics, Techniques, and Procedures (TTPs) with an emphasis on phishing and/or cybercrime. The candidate should have some experience with data analytic techniques, including machine learning, statistics and data mining to solve core business challenges. Additionally, the candidate should have a solid understanding of in endpoint/network defenses and security incident response. Strong verbal and written communication skills are desired, in order to ensure thorough and accurate reporting during and concluding a security incident. The candidate will also play a major role in our phishing disruption efforts, including creation of new logic and procedures to identify phishing attacks impacting Wells Fargo customers and employees. Regular collaboration with multiple teams such as the Cyber Threat Fusion Center, Security Content Development, Cyber Threat Intelligence, and Offensive Security teams will be critical to success. Required Qualifications * 7+ years of information security applications and systems experience * 2+ years of email security experience with industry standard tools * 3+ years of Incident Response Protocols and Tools experience Desired Qualifications * Advanced Information Security technical skills and understanding of information security practices and policies * Ability to manage complex issues and develop solutions * Excellent verbal and written communication skills * 1+ year of Cyber Resilience experience * 3+ years of financial crimes experience * Experience overseeing development of counter-measure strategies and tactics to offset emerging and evolving external threats from malware/viruses, phishing, pharming and other social engineering schemes * Ability to execute in a fast paced, high demand, environment while balancing multiple priorities * Experience working in a large enterprise environment * Knowledge and understanding of financial crimes investigation * Knowledge and understanding of banking or financial services industry Other Desired Qualifications * 5+ years of experience with network security, endpoint security, or security threat vectors * 5+ years of cyber security incidents and events investigation experience * 4+ years of experience with one or a combination of the following email security tools: Proofpoint, SendMail, Cisco IronPort, Symantec Email Security (Cloud and Messaging Gateway), Mimecast, Barracuda Networks, Fortinet (Fortimail) or FireEye * 3+ years of experience managing cybercrime detection, investigation, and intelligence strategies * Hands-on experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices * Experience with host and/or network log analysis as applied to incident response / threat hunting * Knowledge of offensive security, with the ability to think like an adversary when hunting and responding to incidents * Strong ability to identify anomalous behavior on endpoint devices and/or network communications * Strong experience in operating system and application security hardening and best practices * Strong investigative mindset with an attention to detail * Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux * Advanced problem solving skills, ability to develop effective long-term solutions to complex problems * Flexibility to address incidents as needed 24 hours a day * Certifications in one or more of the following: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensics Analyst (GNFA), Offensive Security (OSCP/OSCE/etc), or other relevant certifications. Job Expectations * Ability to travel up to 10% of the time Disclaimer All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation. Wells Fargo Chicago IL

Business Information Security Officer

Bank Of America Corporation