Information Security Engineer (Browser Security Architect)

Bank Of America Corporation Waltham , MA 02154

Posted 4 weeks ago

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Cyber Security Technology (CST) function within Global Information Security is responsible for innovation and architecture, engineering, solutions and capabilities development, deployment maintenance and support of information technology security controls. The CST team is also responsible for the management of the program/project management teams.

The Information Security Engineer is responsible for helping to define, drive, and deliver major components of Bank of America's security strategy. You will work with the Program leader on complex, multi-million dollar projects that deliver world-class User/Data Protection controls in support of strategy. Knowledge and experience with information security controls, infrastructure and implementation techniques is a key component to this role. You will demonstrate extraordinary organizational and cross-functional communication skills to drive data loss prevention best practices across the Enterprise.

In this role, you will partner with Global Information Security (GIS) senior leaders to assist with defining the strategy and roadmaps for technology products, service standards, and governance routines that impact the global Corporation. You will be partnering with leadership across the Bank to design controls, governance routines, and service alternatives that improve the firm's defenses against Insider risks.

You may direct multiple major technology teams within Global Technology that research, engineer, test, implement, communicate, monitor, and maintain solutions supporting the Bank's information security policies and/or procedures. You will utilize your in-depth knowledge and business requirements to design and engineer secure solutions to meet customer/client needs, or to address critical audit findings while protecting the Bank's data assets.The browser security architect is an specialist in design patterns, standards, theory, and implementation of past, present and future web browser technology at Bank of America.

The architect ensures the viability of meeting enterprise cyber-security objectives using web technology, and possesses an advanced level of knowledge of browser architecture and internals, particularly as expressed against contemporary web applications and web-enabled frameworks (e.g., WebRTC, REST APIs and web sockets frameworks). The architect uses technology skills to understand technology risks associated to browsers and client-side web application contexts, and assists software architects, control owners, and technology strategy teams in identifying and navigating architecturally significant technology and risk landscapes. The architect partners with technologists from other enterprise technology functions in designing and fulfilling the enterprise browser strategy.

Required Skills:

  • Deep experience with Insider Threat as a focus area within Information Security

  • Knowledge of User and Entity Behavior Analytics and associated technologies

  • Familiarity Unstructured Data inspection technology

  • Experience and hands on knowledge with Data Loss Prevention security controls

  • Experience Web Proxy controls

  • Experience with Microsoft Office suite including MS Project and Visio

  • Ability to navigate and work effectively across a complex, geographically dispersed organization

  • Exceptional communication and customer relationship skills

  • Ability to build consensus and cooperation as well as to influence, interact and negotiate with senior leadership in the organization

  • Knowledge of change and project management methodologies and principles and the ability to integrate them into project design

  • Broad knowledge of Information Security technologies, techniques and processes

  • Familiarity with Six Sigma tools and vocabulary

  • Experience leading complex technical projects, meeting target timelines, facilitating project meetings, authoring project documentation, issue resolution, and project resource identification

  • Demonstrable ability to self-direct project outcomes, with minimal supervision to achieve program goals

  • Excellent process design capability to improve overall efficiency, mitigate resource conflicts, and improve customer/client experience

Posting Date: 03/27/2019

Location: Chicago, IL, 135 S LA SALLE ST (IL4135), Waltham, MA, 1025 Main St (MA6536), - United States

Travel: Yes, 5% of the time

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Chief Information Security Officer Senior Vice President

Intralinks

Posted 5 days ago

VIEW JOBS 4/21/2019 12:00:00 AM 2019-07-20T00:00 Chief Information Security Officer (CISO) Waltham, MA From the Manager: This team secures and protects the world's largest exchange of M&A deal activity across an ecosystem of the most notable financial institutions in the industry. Our global SaaS solutions are trusted and continuously tested for bank grade security, regulatory compliance, and industry certifications. We are looking for a visionary leader with a "big picture" mindset, knowledge of business management, and a working global knowledge of information security technologies who can relate that vision to the business strategy and then communicate effectively with Executive Leadership Team and board members. Overview: Reporting to the EVP & Chief Product Officer, our CISO is responsible for establishing and maintaining the enterprise-wide security management program with the purpose of protecting company and client information and technical assets. In this position, you are responsible for identifying, evaluating and reporting on security risks, aligning security posture of the organization in a manner that supports effective protection of information assets, and managing and executing security controls in support of compliance and regulatory requirements. As the "next-generation" CISO you will be implementing change and evolving processes, developing strategies and resource plans, participating in board-level discussions, communicating with the top Security and Risk professionals, and implementing the latest Information Security tools and processes that ensure protection of company assets. The CISO will proactively work with business units to implement practices that meet defined policies and standards for information, and will serve as the process owner of all ongoing activities related to the confidentiality, integrity, and availability of customer, business partner, employee, and business information in compliance with the organization's Information Security policies. Responsibilities: * Develop, implement, and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the confidentiality, integrity, and availability of information owned, controlled, or processed by the company. * Manage the day to day operations of the enterprise's Information Security organization, including hiring, training, staff development, performance management, third party usage, and performance reviews. * Assess risk and continuously perform gap analysis on the security controls and strategy and propose changes to decrease risk while improving protection of Intralinks customer data. * Develop, publish, and maintain comprehensive information security standards, policies, procedures and guidelines. * Manage security incidents and events to protect corporate IT assets, and act as the primary corporate control point during follow-up on significant information security incidents. Oversee development of response plans and provide timely update reporting. * Advise the management team on risk issues that are related to information security and recommend actions in support of the company's wider risk management programs. * Facilitate the Risk Committee meetings with the management team as a continuous visibility of Intralinks Risk posture and maintain Intralinks responsibilities within its certification frameworks such as ISO 27001 and SOC2. * Collaborate with Audit & Compliance, Human Resources, Legal counsel and the organizational network on matters of ongoing and planned operations, all compliance matters, investigation of security incidents, disciplinary and legal actions and required security audits. * Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the company. Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout the company on a timely basis. * Conduct regular and ongoing monitoring of and reporting on company-wide compliance with information security standards and policies. * Provide strategic risk guidance and advocacy for infrastructure investments and IT projects including project prioritization, and the evaluation and recommendation of technical controls. * Evaluate opportunities to extend the scope, geography and/or business processes included in Intralinks certifications. * Define, manage and respond to 3rd Party Penetration Testing. * Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation, and increase the security maturity level of the company. Qualifications: * 10+ years of progressive leadership experience in information security, including experience with SaaS and multi-tenant applications, Incident Response, managing audits and implementing processes and security controls to satisfy certifications such as ISO 27001 and NIST. * BA, BS or Master's Degree in a computer science or information systems related discipline required. Master's in Business Administration is a plus. * Experience with information system disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning. * Business system continuity planning, auditing, and risk management experience as it relates to information security. * Demonstrated capability to consult with the executive leaders in the design, development and execution of a global strategy that integrates all areas of Facilities, Physical Security, Business Continuity, Information Security, Employee and Asset Protection, Technology and Risk Management. * Familiarity with Information Security industry standards and best practices, as well as relevant frameworks and regulations (e.g. ISO, PCI DSS, HIPAA, GLBA, FISMA, NIST, CobiT, ISF). * One of the Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) is preferred. Travel: 10% Intralinks Waltham MA

Information Security Engineer (Browser Security Architect)

Bank Of America Corporation