Global Technology Compliance and Operational Risk - GIS BISO Oversight

Charlotte

Bank of America

What would you like the power to do? For you and your family, your business and your community. At Bank of America, our purpose is to help make financial lives better through the power of every connection.


Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

This job is responsible for executing second line of defense compliance and operational risk oversight for a Front Line Unit, Control Function, and/or Third Parties. Key responsibilities include ensuring requirements of the Global Compliance Enterprise Policy, the Operational Risk Management Enterprise Policy (collectively “the Policies”), the Compliance and Operational Risk Management Program and Standard Operating Procedures are implemented and identifying, challenging, escalating, and mitigating risks in a timely manner.

Responsibilities:

  • Assesses risks and effectiveness of Front Line Unit (FLU) processes and controls to ensure compliance with applicable laws, rules, and regulations, while responding to regulatory inquiries, other audits, and examinations

  • Engages in activities to provide independent compliance and operational risk oversight of FLU or Control Function (CF) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management Program and Standard Operating Procedures

  • Identifies and escalates problems or issues that arise and drives actions to address the root causes that lead to compliance risk issues and/or operational risk losses

  • Manages inventory of processes, risks, controls, and associated metrics for risk appetite and limits, reporting violations of compliance or regulatory activities

  • Assists in the development of independent risk management reporting for respective area(s) of coverage as input into country/regional governance and management routines

  • Analyzes and interprets applicable laws, rules, and regulations to provide clear and practical advice to stakeholders, and identify and manage risks

  • Reviews and challenges FLU/CF process, risk, Single Process Inventory, and FLU/CF Risk and Control Self-Assessment related to themes or trends, while monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage

Skills:

  • Advisory

  • Monitoring, Surveillance, and Testing

  • Regulatory Compliance

  • Reporting

  • Risk Management

  • Critical Thinking

  • Influence

  • Interpret Relevant Laws, Rules, and Regulations

  • Issue Management

  • Policies, Procedures, and Guidelines Management

  • Business Process Analysis

  • Decision Making

  • Negotiation

  • Process Management

  • Written Communications

This position will provide Compliance & Operational Risk Oversight for multiple GIS BISO functions, including BISO Operations and Vertical BISOs. The role requires you to:
•    Act as Risk Officer for the Secure By Design process
•    Have oversight of the Cloud Security (SaaS) process
•    Oversee Self Service & Dynamic Code Scans and the review of SBOM & Threat Model processes as controls
•    Advise GCOR Risk Specialists on performing their monitoring exercises and assist them in day-to-day activities
•    Review GIS Policy Exceptions Operations and enhance monitoring coverage
•    Perform in-line reviews and provide the GCOR point of view on them
•    Connect with stakeholders on a periodic basis
•    Conduct Targeted Risk Assessments
•    Challenge GIS BISO Operations processes and activities as appropriate
•    Communicate with executives on a regular basis about your assigned area of coverage / oversight
 
Technical Skillsets: 
•    Expertise in network security principles and technologies. 
•    Deep understanding of transmission protocols and secure communication channels. 
•    Knowledge of secure by design principles. 
•    Good understanding of cloud security principles.
•    Experience performing threat modeling using frameworks like STRIDE, IriusRisk.
•    Knowledge of software development and in-depth understanding of APIs.
•    Proficiency in conducting technology reviews to assess security controls and identify gaps.
•    Understanding of application scanning tools like Checkmarx / Invicti (Netsparker).
•    Solid grasp of security architecture principles and best practices. 
•    Relevant certifications such as CISSP, CCSP, CISA, CISM, or CRISC are highly desirable. 
 

Required/Desired Qualifications: 
•    Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred. 
•    10+ years of experience in Cyber Security with expertise in multiple information security domains including Cloud.  
•    Proven track record of developing and implementing security strategies in complex environments. 
•    Strong leadership and communication skills, with the ability to influence stakeholders at all levels. 
•    Excellent problem-solving abilities and attention to detail. 
•    Ability to thrive in a fast-paced and dynamic environment. 
 

Additional Qualifications/Responsibilities:

Communicates and Influences with Impact:

  • Communicates complex ideas in a way that is clear, direct, concise, simple and contextual; avoids jargon 

  • Shapes the opinions and actions of others, gaining trust & commitment for desired outcomes 

  • Adjusts style and personalizes message to best connect with others; inspires others to follow his/her lead  

  • Constructively challenges; supports opinion and recommendations with facts and data 

  • Shares opinion with confidence; is persistent and tenacious for what is right 

  • Demonstrates productive edge, appropriately voicing and challenging opinions  

  • Demonstrates productive partnering with various stakeholders across the enterprise at all levels 

  • Role models effective communication and influence; develops others on this skill 

Demonstrated Business Acumen:

  • Deep understanding of the organization's overall strategies and how the business operates 

  • Deep understanding of what drives success through subject matter expertise of the products, customer and channels leveraged within the FLU  

  • Identifies and influences business improvements and solutions - Proactively engages team/peers to transfer knowledge of the business 

  • Makes tough business and people decisions 

Demonstrated behaviors may include but are not limited to:

  • Demonstrates the ability to remain flexible and adaptable in order to learn/apply new concepts and stay current on emerging trends (i.e. new technology)  

  • Asks questions in an effort to understand, drawing connections and similarities in order to frame new challenges/opportunities; leverages information to take calculated risks 

  • Proactively brainstorms and researches a wide range of options to find the best solutions to address opportunities 

  • Proactively engages others for feedback as an opportunity to drive improvement (for self and the business) 

Delivers Results Through Management & Operational Excellence:

  • Demonstrates a deep understanding of owned processes and continually seeks opportunities to simplify and improve 

  • Leads the execution of strategies through establishing clear accountability for self and the team 

  • Raises performance expectations through planning and establishing routines to ensure goals are achieved  

  • Proactively identifies and removes barriers  

  • Leads change and gets team and key stakeholders on board 

Cultivate Talent & Organization:

  • Creates and leads an environment that values diversity, where people can speak up, share bad news and get better outcomes through dialogue and debate  

  • Actively builds a pipeline of strong, diverse talent 

  • Actively manages the growth and development of talent; takes genuine interest in and provides support for their development 

  • Broadly shares accountability and responsibility with others  

  • Contributes to building motivated, high performing teams; inspires them to achieve more 

  • Recruits, develops and aligns talent needed to meet business goals 

Delivers Second-Line Risk Management:

  • Commanding knowledge of the Compliance & Ops Risk Program and its application to daily work activity and team priorities; educates others 

  • Commanding knowledge of how laws, rules and regulations apply to businesses, functions, products, jurisdictions and/or the enterprise and stays current on changes; educates others 

  • Understands and educates others on the business processes (design through execution), the role of effective controls and the potential impact to operational losses 

  • Directly or via a team, assesses for and identifies compliance and operational risks in the activities of a FLU/ECF or the Company (EAC) through monitoring, assessment and testing activities 

  • Directly or via a team, documents, analyzes, reports and escalates as needed risk issues (e.g., control weaknesses, violations, metric breaches); synthesizes the data for emerging trends or systemic issues  

  • Directly or via a team, drives the mitigation of compliance and operational risk through means such as policy reviews and updates, issue remediation/action plans, and training needs; determines approach and possible solutions  

  • Communicates risks and issues concisely, clearly and timely; drives transparency and accountability with appropriate parties 

  • Executes risk governance and management routines 

  • Ensures compliance and operational risks are considered in business activities, including product development and business process changes; uses risk lens when advising the business  

  • Escalates risks not being mitigated in a timely manner to appropriate leaders and senior management, regulators and Board of Directors as warranted 

Demonstrates Analytical Capabilities:

  • Leads analysis integrating facts, data, and information to draw accurate conclusions in order to identify root cause 

  • Leverages internal/external perspectives and benchmarking to identify potential solutions  

  • Develops useful and realistic alternative solutions to problems; selects the best course of action based on pros, cons, timing, and available resources

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Tags: APIs Audits BISO CCSP Checkmarx CISA CISM CISSP Cloud Compliance Computer Science CRISC Governance Monitoring Network security Risk assessment Risk management SaaS SBOM Surveillance

Perks/benefits: Career development Equity / stock options Flex hours Startup environment Team events Transparency

Region: North America
Country: United States
