Sr. Business Information Security Officer (Biso)

Bank Of America Corporation Chicago , IL 60602

Posted 3 months ago

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Business Information Security Officer (BISO) function within Global Information Security is responsible for information security control enforcement, cybersecurity awareness, and enablement across all lines of business, enterprise functions, technology, and operations teams. The BISO team also leads cybersecurity external engagement.

The Senior Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies and controls.


  • Possess strong / experienced application development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step.

  • Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for the line of business (LOB)

  • Provides guidance and advocacy regarding the prioritization of LOB investments that impact information security

  • Advises LOB management on risk issues related to information security and recommends actions in support of the bank's wider risk management and compliance programs

  • Monitors information security trends internal and external to the bank and keeps LOB leadership informed about information security-related

  • Manages quality control and reporting

  • Ensures compliance with policies and laws

Risk Management

  • Drives GIS/LOB risk deliverables

  • Collaborates with risk partners on info security critical priorities

  • Participates in senior LOB specific Risk Management & Business Continuity Routines

  • Identifies and measures global information security (GIS) controls on most critical business processes or channels


  • Has a deep understanding of security for computing platforms (PaaS)

  • Has a solid grasp of security in big data and other instructed large data structures

  • Ability to build strong Partner relationships with peer technology groups and supported LOB

  • Supports the triage process with the client and helps them understand the GIS support structure

  • Drives required risk culture and partnership with peer technology teams and supported LOB

  • Participates in key CIO operating routines to drive information security risk strategy.

Required Skills

  • Information Security & Technology professional with 10+ years' experience

  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations

  • Subject matter expertise in application security, vulnerability testing and development of risk appetite

  • Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)

  • Experience with information security for No SQL, Big Data , and unstructured data stores (Cassandra, Hadoop, and /or Teradata)

  • Knowledge in Windows, Midrange and Mainframe Platforms with emphasis on security and access controls.

  • Exceptional executive presentation and communication skills

  • Excellent influencing and problem resolution skills

  • Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding

  • Strong leadership skills and qualities which enable you to work with peers and various levels of management

Desired Skills:

  • Bachelors and/or Master's degree in Computer Science, Information Technology or related field

Posting Date: 08/19/2019

Location: Denver, CO, REPUBLIC PLAZA, 370 17TH ST, Chicago, IL, 135 S LA SALLE ST (IL4135), - United States

Travel: Yes, 5% of the time

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Chief Information Security Officer

Privatebancorp, Inc.

Posted 4 days ago

VIEW JOBS 11/8/2019 12:00:00 AM 2020-02-06T00:00 Overview CIBC is a leading North American financial institution with 10 million personal banking, business, public sector and institutional clients. CIBC offers a full range of advice, solutions and services in the United States, across Canada and around the world. In the U.S., CIBC Bank USA provides commercial banking, private and personal banking and small business banking solutions and CIBC Private Wealth Management offers investment management, wealth strategies and legacy planning. CIBC works to help you make your ambitions a reality with a team that is committed to being always professional, genuinely caring and collaborates to find simple solutions as we build our relationship-focused bank for the modern world. Every year, CIBC is recognized for its business success, community commitment and employee initiatives. We are proud of this success and are committed to creating an inclusive workplace and an environment where all of our team members can excel. Responsibilities The Chief Information Security Officer (CISO) for the US Region is responsible for establishing and maintaining a Region-wide information security management program to ensure that information assets and employees are adequately protected. This position is responsible for ensuring that information security risks are identified, evaluated, mitigated and reported in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the US Region. The position requires a visionary leader with proven business management skills and a broad understanding of information security technologies and threats. The CISO will lead a team of three Managing Directors with approx. 20 practitioners proactively working with business and technology partners to implement a strategy and practices that meet defined policies and standards for information security. He or she will also oversee a variety of security related risk management activities. A key element of the role is working with executive management to determine acceptable levels of risk for the organization. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode. The CISO must be able to effectively collaborate with the foreign based parent organization on a broad range of issues including leveraging enterprise capabilities to support the US Region Information Security Strategy and Program. This would also include active support of the parent organizations governance of the US Regions' Information Security Program and day to day operations. The CISO will be directly responsible for the management of three operational functions: Information Security Identity & Access Management Vendor Risk Management CROSS-FUNCTIONAL RELATIONSHIPS * Peers within the US Region and parent bank organizations * Will be required to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology * Regular interaction with the US Region Executive Committee and Board of Directors * Chairs the US Security Programs Committee representing Information Security across US Region management * Member of a range of committee's including the Risk Management Committee and the US Region Operating Committee, Management Risk Committee COMPLIANCE REQUIREMENTS/RESPONSIBILITIES * As an employee of CIBC, the CISO must comply with all applicable CIBC and Line of Business policies, standards, guidelines and controls JOB DIMENSIONS * Providing clear, consistent leadership, advice and representation on all aspects of Information Security * Demonstrating effective management, communication, and negotiation skills to drive complex initiatives towards completion including those with a cross boarder dimension * Fostering collaborative and supportive relationships that promote effective Information Security risk management and key information security initiatives * Interfacing and negotiating effectively with a wide range of audiences, including senior management * Collaborating with a range of functions including Compliance, Regulatory Affairs and the parent organization to monitor developments in the areas of legal, regulatory, corporate requirements, technological developments, and best practices in the security governance and compliance field * Leading the enhancement of a comprehensive monitoring and reporting regime for Information Security in the US Region to identify, manage, track and communicate information security risk Qualifications * Advanced knowledge of applicable US and Canadian laws and regulations as they relate to Information Security and the effective management of Information Security Risks * 10+ years of managerial experience in information security including successfully managing mergers, acquisitions and related activities * Enterprise level experience including managing and successfully delivering cross functional initiatives * CISO designation and associated certifications e.g. CISSP, CISM, CISA, at a prior financial institution of similar scope and scale * A university degree in Information or Technology Management or Risk Management or equivalent work experience. * Demonstrable experience in implementing strategic plans and managing an information security program. * Extensive experience in the design and testing of formal Key Controls in support of compliance to a range of regulatory and legislative requirements including Sarbanes-Oxley, NY DFS 500 etc * Advanced understanding an experience in managing business processes and budgeting * Advanced understanding of human resource management principles and practices Skills Required: * Exceptional and proven leadership capabilities – communication, influence & negotiation, conflict resolution, people management, relationship management (internal/external), and team building * Proven ability to successfully partner with internal clients and vendors to align strategy with deliverables, identify business challenges and develop alternatives to mitigate * Enjoys working in a team-oriented, collaborative environment * Strong service management and service delivery orientation * Excellent written, oral, and interpersonal communication skills * Ability to present ideas in at appropriate levels for different audiences * Proven ability to work within a changing environment and lead the implementation of change * Ability to apply change management principles to initiatives of variable sizes and degrees of complexities * Ability to assess the impact or potential impact of change management initiatives of various sizes and degrees of complexities on business financials and performance * Advanced level of creativity, strategic thinking and problem management skills * Ability to conduct and direct research into information security issues * Self-motivated, self-directed, attentive to detail, and able to multi-task * Ability to effectively prioritize and execute tasks in a high-pressure environment Privatebancorp, Inc. Chicago IL

Sr. Business Information Security Officer (Biso)

Bank Of America Corporation