The associate would be responsible to play a critical role in understanding the risk generated by new unevaluated technologies and threat landscape by analyzing, anticipating, and tracking the evolving threats and risks. The role involves a combination of technology risk evaluation (both hardware and applications) and vulnerability analysis. The role will involve analyzing risks using information from lines of business, data repositories on risk and internet based research. The associate will be accountable for reviewing security architecture and comprehensive security analysis for requested products, network and security and application vulnerabilities
Through this role, the ultimate goal of the Bank is to avoid the emerging threats by alerting the relevant stakeholders beforehand. This role focuses on a cognitive process that enables effectual analysis, which helps lines of business take information security decisions. The associate will use technical and non-technical methods to know about and generalize patterns, sequences of raw data for analysis and information on product specific vulnerabilities.
Provide security advisory, assess business cases, IT strategy and roadmap, high level architecture, and review design with reference to security implications of the product in Bank.
Identifying security vulnerabilities and control gaps that should be remediated prior to implementing the technology
Act as a consultant and security approver for the lines of business in their technology approval process
Enlist the assistance of technology experts in other areas of the Bank to assure the correct selection of new technologies for the GIS organization while also assessing those technologies for security risks
Responsible for analyzing the Bank's environment globally for cyber security risks and vulnerabilities
Responsible for understanding security threats and threat management
Use CVSS vulnerability rating mechanism to rate known vulnerabilities
Create advisories for stakeholders on known vulnerabilities
Rate severity of findings generated by audits / assessments of third parties conducted by the Bank's cyber security teams.
Lead global calls during Bank wide security events, co-ordination with global security teams for analysis
Interface with high-level client executives and the client's hands-on technology practitioners
Required Job Skills:
BSc/BE/BTECH/MCA/MSc (IT) equivalent (Technical / Security Degree)
4 to 8 years' of experience in cyber security or a technology-related field.
Experience in vulnerability assessment, security incident response, application security
Evaluating threats / risks posed by new technologies spanning networks, hardware, software etc.
Experience in analyzing and responding to advanced cyber threats, technology risk and the motivation and attack vectors of each threat
Excellent verbal and written communication skills. An ability to communicate with business leaders, users and tech-savvy stakeholders.
Ability to take ownership of an initiative, issue and take it to completion
Ability to work in collaborative environment.
Familiarity with intelligence analysis tools, methods and the intelligence life cycle
Desired Job Skills:
Certifications: CISSP (ISC2), CISM (ISACA), GIAC
Create reports and analyze reports for a diverse group of stakeholders
Experience with basic SharePoint usage
Posting Date: 08/12/2019
Location: Denver, CO, REPUBLIC PLAZA, 370 17TH ST, Addison, TX, 16001 N Dallas Pkwy (TX8044), - United States
Travel: Yes, 5% of the time
Full / Part-time: Full time
Hours Per Week: 40
Shift: 1st shift
Bank Of America Corporation