Risk Engagement Lead Consultant
Bank of America - Denver, CO
Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Chief Operations Office (COO) function within Global Information Security is responsible for business operations, finance and resource management, performance management and metrics. The COO team is also responsible for development and implementation of an integrated GIS workforce strategy that delivers on future-state resource, location and training goals.

This individual contributor role will support disciplined execution of activities related to issues and exam management. The role will be primarily responsible for identifying and documenting risks and related mitigation plans as well as validation of evidence to support risk mitigation for all GIS related Audit, Compliance, Ops Risk, Regulatory and/or GIS identified risks, issues, control enhancements and MRAs within defined SLAs. This includes leading and facilitating meetings to debate and understand risks, and drafting clear and articulate issue summaries and mitigation plans to be reviewed by senior and executive management, ensuring evidence is sufficient to warrant closure of an issue, and responding timely to ad hoc inquiries from Risk, Internal Audit and Regulators. The candidate will be expected to manage a portfolio of risks and issues and understand holistic risks across their assigned area and be able to make determinations on how they may affect other divisions and GIS as a whole. The candidate will be expected to develop and present routine reports and metrics related to the process. The candidate will also be expected to work with Issue Owners to drive on-time remediation and to escalate potential roadblocks that may delay on-time completion. In addition, the candidate will participate in efficiency projects, execution of strategy and demonstrate an intense desire for personal development.

Required Skills:
- Cyber security or information security domain knowledge
- Wide knowledge of computing platforms and solutions
- Capable of analyzing, simplifying and expressing complex problems
- Excellent communication skills (presentation and influencer) and ability to synthesize information in order to drive team to results
- Ability to "connect the dots" for others across multiple data points, make connections upstream/downstream that may not be easily noticeable
- Ability to work in a highly visible and fast-paced environment, where business needs/priorities may change and path forward is not always black/white
- Knowledge of project management concepts
- Desire for obtaining new information or knowledge
- Self-starter, organized, versatile, and capable of performing work with minimal management oversight
- Excellent time management skills and ability to juggle multiple, competing priorities
- A problem solver who can manage through ambiguity successfully
- Exhibit strong relationship management and interpersonal skills
- Ability to work through controversial situations
- Excellent facilitation and presentation skills

Desired Skills:
- Bachelor's and/or Master's degree
- CISSP, CRISC, CISA, CISM certification or similar
- Prior operational risk or compliance experience in the technology arena
- Detailed, bank-specific risk management and governance experience
- Ability to work with technical and non-technical business owners

Enterprise Role Overview:

Evaluates and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new IT systems meet Enterprise information security requirements and risk appetite. Leverages knowledge of IT platforms, tools and concepts, such as network devices and topologies, servers and systems architectures. Leverages deep knowledge of information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, tools, laws, rules, regulations, and/or coordinates efforts to mitigate/remediate information security risks. Works with internal and external stakeholders (ex: LOB delegates, SMEs, regulators). Develops, refines, implements, and/or governs Enterprise-wide information security policies, procedures, and standards, as well as industry-leading information security reporting, risk scoring, and governance for the Enterprise. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 3-5 years of relevant experience and will be an individual contributor.

Job Band: H5
Shift: 1st shift (United States of America)
Hours Per Week: 40
Referral Bonus Amount: 0
Created: 2021-11-29