Third Party Info Security Consultant
Chester, United Kingdom
Bank of America
What would you like the power to do? At Bank of America, our purpose is to help make financial lives better through the power of every connection.
Job Description:
Job Title: Third Party Info Security Consultant
Corporate Title: VP
Location:
Company Overview:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Role Description:
This job is responsible for performing information security reviews of third parties that provide services to the bank. Key responsibilities include working with third parties to review their information security technical controls, and collecting and reviewing documentation during an assessment to determine whether they meet Bank of America information security controls. This could include working from their offices (on site) in EMEA or virtually from the bank’s office using collaboration tools. Following the assessment, the consultant documents gaps and areas of non-compliance in workpapers and generates summary assessment reports. Key responsibilities span pre-assessment, assessment and reporting.
Responsibilities:
• Partners with third parties to ensure they are prepared for information security assessments including answering detailed questions from them and describing the bank’s assessment process
• Evaluates a third party’s information security risk and technical controls with a holistic lens to determine if they meet Bank of America requirements
• Discusses information security gaps in the third party’s program with their Subject Matter Experts
• Escalates issues and risks identified during the assessment
• Manages the Global Information Security relationship with third parties and the bank’s Enterprise Vendor Managers (EVMs)
• The role will require travel within the EMEA region (up to 20% of the time)
• The ability to interact with internal or external stakeholders including business partners and/or external parties to identify, analyse, and resolve complex problems or security gaps
• The ability to objectively assess risk information from various sources and synthesize it towards making a reasoned and supportable judgment
What we are looking for:
• Technical skills relating to the domains of information security including:
  • Information Security Controls (Infrastructure Security, Logical Access Management, Application Security, Threat and Vulnerability, Network Security Management)
  • IT Compliance, SOX Compliance
  • Change Management and Business Continuity
  • Enterprise Risk Management
• Experience in Information Security and/or IT Audit
• Solid grasp of NIST, ISO, SDLC, COBIT standards
• Technical writing and verbal communication skills
• Ability to coordinate multiple assessment activities in parallel
Skills that will help:
• Information Security certifications, including ISO27002 / CISSP / CEH / CISM / CISA
• Knowledge of NIST guidelines
• European business and technical language skills
Bank of America:
Good conduct and sound judgment are crucial to our long-term success. It’s important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well.
We are an equal opportunities employer and ensure that no applicant is subject to less favourable treatment on the grounds of gender/sex, gender identity or gender reassignment, marital or civil partner status, race, religion or belief, colour, nationality, ethnic or national origins, membership of the Traveller community, age, sexual orientation, pregnancy or maternity, civil status, socio-economic background, responsibility for dependants, family status or physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.
We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements.
Tags: Application security Audits CEH CISA CISM CISSP COBIT Compliance ISO 27002 Network security NIST Risk management SDLC Security assessment SOX
Perks/benefits: Career development