Cyber Security Network Assessment Analyst

Bank Of America Corporation, Chicago, IL 60602

Posted 2 months ago

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our innovative and forward-thinking team.

What We Do:

At Bank of America, we handle the finances of over 67 million client relationships every day, including helping them save, borrow, and invest for today and for their future. We stand by our clients each and every day giving them the power to realize their personal financial goals and help make their financial lives better.

The Global Information Security organization is responsible for protecting bank information systems, confidential and proprietary data, and customer information. The team:

  • Develops the bank's information security strategy and policy

  • Manages the information security program and identifies and addresses vulnerabilities

  • Develops, deploys and manages a risk-based controls portfolio

  • Manages and operates a global security operations center that monitors, detects and responds to cybersecurity incidents

What We're Looking For:

We're looking for the next generation of cyber security experts - those with a passion for growing a long-term career, building relationships and working with a team of innovative and forward-thinking information security professionals. Our cyber team is meant for those looking to make a real impact and build a career in information security. The role is ideal for those who have a passion to work with industry leaders to protect our brand and the customer/client experience by proactively detecting, disrupting, and mitigating cyber security threats across the organization.

What You'll Get:

From day one, you'll receive training including hands-on practice, personalized coaching and dedicated support throughout your on-boarding experience. With demonstrated success, you'll have the opportunity to advance into many different roles with Global Information Security - with unlimited opportunity to grow throughout your career. You will be supported with dedicated programs, tools, and resources throughout your career journey.

We'll help you:

  • Build a successful career at Bank of America through world-class training and on-boarding programs that set you up for success

  • Grow in your current role through one-on-one coaching from managers who are invested in your success and training programs that help you excel, build new skills or take on additional responsibility

  • Continuously learn and advance your career goals through intentional career paths to the next best role

  • Use resources and innovative technologies to optimize the client experience

  • Expand your business knowledge and network by partnering with experts in Global Information Security, Global Technology and other lines of business

  • Become an expert in what you do

What you can look forward to:

  • Ongoing professional development to deepen your skills and optimize your expertise as the industry evolves and changes

  • Resources and dedicated support to help you reach your full potential throughout your career

  • A benefits program designed to meet the diverse needs of our employees at every stage of their life and help them plan for tomorrow

  • Progressive workplace practices and initiatives that promote inclusion

We're a culture that:

  • Believes in responsible growth and has a proven dedication to supporting the communities we serve.

  • Provides continuous training and developmental opportunities to help people achieve their goals, whatever their background or experience.

  • Believes diversity makes us stronger, so we can reflect, connect to and meet the diverse needs of our clients and customers around the world.

  • Is committed to advancing our tools, technology, and ways of working. We always put our clients first to meet their evolving needs.

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank's Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents.

Role Description: The Cyber Security Assurance (CSA) Network Security Risk Assessment Assessor role is responsible for performing Network Security Risk Assessments in order to identify current and emerging threats to network security, identify best-practice controls to mitigate them, and then assess our policy and standards to determine whether they are appropriate to mitigate the threats identified. The role will also have overall process governance responsibilities.

Responsibilities include:

  • Governance: overall governance of the assessment and ensuring network security decisions and key findings run through the relevant governance processes

  • Maintaining the Threat Inventory and Country Risk: review monthly CTDO reports, perform biannual MITRE ATT&CK review and country risk review

  • Conduct Enterprise Policy and Standard Assessment: map threats to industry framework controls, map industry framework controls to Policies and Standards, and conduct gap analysis between industry framework controls and Bank Policies and Standards

  • Document, disposition and track remediation of gaps

  • Prepare relevant materials for escalation and presentation at relevant governance forums

Required Skills:

  • Strong understanding of Issues Management processes, risk management and governance

  • Highly organized with ability to plan and direct routines to achieve business outcomes

  • Project or project management skills

  • Good communication and stakeholder management skills

  • Interacting extensively with internal or external stakeholders to identify, analyze, and resolve security gaps

  • Setting expectations with CSA leaders on timing and level of effort

  • Beneficial: understanding of network security threats, industry framework controls (CIS and NIST), and BAC Policies and Standards Framework

Enterprise Job Description: Evaluates and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new IT systems meet Enterprise information security requirements and risk appetite. Leverages knowledge of IT platforms, tools and concepts, such as network devices and topologies, servers and systems architectures. Leverages deep knowledge of information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, tools, laws, rules, regulations, and/or coordinates efforts to mitigate/remediate information security risks. Works with internal and external stakeholders (ex: LOB delegates, SMEs, regulators). Develops, refines, implements, and/or governs Enterprise-wide information security policies, procedures, and standards, as well as industry-leading information security reporting, risk scoring, and governance for the Enterprise. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 3-5 years of relevant experience and will be an individual contributor.


1st shift (United States of America)

Hours Per Week:



Similar Jobs

Analyst Cyber Security Governance Risk Management And Compliance (Remote Opportunity)

Hyatt Hotels Corp.

Posted 1 week ago

At Hyatt Hotels, Cyber Security is a very important part of our mission to take care of people so they can be their best. The Analyst - Cyber Security Governance, Risk Management, and Compliance (GRC) plays a crucial role in completing that mission every day by ensuring that Hyatt manages known and unknown risks. As a contributor on the Cyber Security GRC team the Analyst ensures compliance with Cyber Security regulations that Hyatt must follow, tracks compliance to the enterprise Risk Management Framework, and works to remediate identified security vulnerabilities in a timely manner. It is important that Hyatt maintain an effective cyber security compliance program and the Analyst plays the most important role in that function.

Position Responsibilities / Essential Functions

  • Maintain Hyatt's Payment Card Industry (PCI) compliance program, working with diverse teams throughout Information Technology and the Global Operations Center to ensure that Hyatt handles cardholder data in an appropriate way.

  • Assists with Hyatt's relationships with our credit card partners, ensuring all relevant timelines for document submissions are met.

  • Act as the Cyber Security resource for security-related efforts conducted by Internal Audit.

  • Participate on internal committees concerning information governance, records retention, and data privacy.

  • Work with internal and external penetration testing resources to track the remediation of identified security vulnerabilities.

  • Periodically update Hyatt's Cyber Security Policies, taking into account the feedback of stakeholders and current events to craft a cohesive and readable document.

  • Conduct global phishing awareness and training campaigns. Assist with aggregation and presentation of metrics to leadership.

  • Demonstrate a commitment to Hyatt core values

  • The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary

Experience

  • At least three years of experience in the Cyber Security Governance or Auditing professions are preferred; however, any combination of experience, education, and certification that demonstrates the candidate can be successful in the position is acceptable.

Education

  • A Bachelor's degree or better in Cyber Security, Information Systems Auditing, or any other security-related subject is preferred; however, any combination of education, experience, and certification that demonstrates the candidate can be successful in the position is acceptable.

Certificates, Licenses, Registrations

  • A CISSP or CISA certification is preferred; however, any combination of certification, education, and experience that demonstrates the candidate can be successful in the position is acceptable.

Computer Skills Needed to Perform this Job

  • Experience with and detailed understanding of the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) is required.

  • Experience with phishing awareness platform(s) is preferred.

  • Experience with and detailed understanding of the control requirements of the Center for Internet Security Critical Security Controls (CIS CSC) is preferred.

  • Experience with project management and tracking remediation of cyber security vulnerabilities is preferred.

  • Experience with and understanding of Sarbanes Oxley is preferred.

Additional Comments and Requirements

  • Ability to travel on an as-needed basis (up to 10% of total work hours).

Hyatt Hotels Corp., Chicago, IL
