Sr. Information Security Architect u2013 AI & Cloud ...

Sr. Information Security Architect u2013 AI & Cloud Security Washington, District of Columbia;Chicago, Illinois; Denver, Colorado To proceed with your application, you must be at least 18 years of age. Acknowledge ( Bank of America employees are required to meet all posting eligibility requirements prior to applying for any new position. Acknowledge ( Refer a friend To proceed with your application, you must be at least 18 years of age. Acknowledge ( Bank of America employees are required to meet all posting eligibility requirements prior to applying for any new position. Acknowledge ( Job Description: At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammatesu2019 physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us The Sr. Information Security Architect u2013 AI & Cloud Security is a senior member of the BISO Secure Solutions Design team responsible for defining secure architecture patterns, assessing emerging AI/ML solutions, and ensuring alignment with Global Information Security (GIS) policies and enterprise architecture strategies. This role provides deep technical expertise in security design, risk evaluation, and threat modeling for both traditional systems and modern AI/Generative AI workloads. This job is responsible for defining secure solution intent, evaluating system impacts, performing technical architecture assessments, and translating complex requirements into actionable controls across cloud, data, and application environments. You will partner closely with technology leaders, product teams, developers, and enterprise architects to ensure security is embedded into early design and that Generative AI systems are deployed in a resilient, safe, and compliant manner. The ideal candidate brings broad architecture experience, hands on technical depth, strong threat modeling skills, and demonstrated expertise securing AI, ML, and LLM-based systems. Required Qualifications u2022 8+ years of experience in information security or enterprise architecture, with recent focus on AI/ML or Generative AI security. u2022 Proven experience performing secure architecture assessments, design reviews, and threat models for complex, integrated systems. u2022 Strong understanding of Generative AI, LLM risk, and security frameworks (MITRE ATLAS, OWASP LLM Top 10, NIST AI RMF). u2022 Broad experience across cloud platforms (AWS), identity, key management, secrets management, networking, containers, and API security. u2022 Expertise in interpreting and applying internal security policies, standards, and controls. u2022 Strong communication skills with the ability to convey complex technical concepts to technical and non technical audiences, including senior leadership. u2022 Demonstrated ability to drive decisions, collaborate across teams, and balance risk vs. business needs. u2022 Hands-on experience preparing technical diagrams and threat models. Desired Qualifications u2022 Experience with advanced developer tools such as GitHub Copilot, Microsoft Copilot Studio, or similar AI coding assistants. u2022 Certifications such as CISSP, CISM, CCSP, CCSK, CRISC, or cloud architecture/security certifications. u2022 Familiarity with agile methodologies, DevOps practices, CI/CD pipelines, and developer experience platforms. u2022 Experience in financial services or other regulated industries. Key Responsibilities Security Architecture & Solution Design u2022 Develop and maintain secure design patterns and controls for AI/ML solutions, including LLMs, RAG architectures, vector databases, and enterprise AI agents. u2022 Define secure operating environment and ensure alignment with enterprise architecture strategy and GIS standards. u2022 Evaluate system impacts, data flows, integration points, and non-functional requirements such as security. u2022 Provide solution options to resolve architectural constraints and remove design impediments. u2022 Participate in design reviews, feature decomposition, and technical governance for AI-enabled platforms and SDLC-integrated developer tools (e.g., GitHub Copilot, Microsoft Copilot Studio). AI/ML Security, Threat Modeling & Risk Assessments u2022 Conduct AI-specific risk assessments using frameworks including MITRE ATLAS, OWASP Top 10 for LLMs/GenAI, and NIST AI RMF. u2022 Perform detailed threat modeling (STRIDE or equivalent) for cloud, application, data, and AI use cases. u2022 Identify risks such as prompt injection, model/data poisoning, data leakage, model theft, hallucinations, and supply chain risk across model, dataset, and embedding ecosystems. u2022 Define compensating controls and architectural safeguards for AI/ML pipelines, including input/output filtering, retrieval restrictions, data minimization, privacy controls, and identity boundaries. Collaboration & Governance u2022 Work across lines of business, operations, enterprise architecture, data science, and development teams to ensure clear solution intent and secure-by-design outcomes. u2022 Translate policy and standards into actionable architecture guidance for delivery teams. u2022 Educate partners on architectural best practices, security control requirements, and evolving AI threat landscapes. u2022 Support technology stack evaluations and selection of secure tools, platforms, and third-party integrations. u2022 Provide architecture review documentation, data flow diagrams, and risk summaries to support governance processes. Skills: + Analytical Thinking + Architecture + Result Orientation + Solution Design + Technical Strategy Development + Application Development + Collaboration + Data Management + DevOps Practices + Risk Management + Agile Practices + Automation + Influence + Solution Delivery Process + Test Engineering Shift: 1st shift (United States of America) Hours Per Week: 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your

Created: 2026-03-16