Global Technology Compliance and Operational Risk - GIS BISO Oversight

22 Aug 2024
Georgia, Atlanta, 30301 Atlanta USA

Charlotte, North Carolina; Chicago, Illinois; Pennington, New Jersey; Atlanta, Georgia

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:

This job is responsible for executing second line of defense compliance and operational risk oversight for a Front Line Unit, Control Function, and/or Third Parties. Key responsibilities include ensuring requirements of the Global Compliance Enterprise Policy, the Operational Risk Management Enterprise Policy (collectively “the Policies”), the Compliance and Operational Risk Management Program and Standard Operating Procedures are implemented and identifying, challenging, escalating, and mitigating risks in a timely manner.

Responsibilities:

Assesses risks and effectiveness of Front Line Unit (FLU) processes and controls to ensure compliance with applicable laws, rules, and regulations, while responding to regulatory inquiries, other audits, and examinations

Engages in activities to provide independent compliance and operational risk oversight of FLU or Control Function (CF) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management Program and Standard Operating Procedures

Identifies and escalates problems or issues that arise and drives actions to address the root causes that lead to compliance risk issues and/or operational risk losses

Manages inventory of processes, risks, controls, and associated metrics for risk appetite and limits, reporting violations of compliance or regulatory activities

Assists in the development of independent risk management reporting for respective area(s) of coverage as input into country/regional governance and management routines

Analyzes and interprets applicable laws, rules, and regulations to provide clear and practical advice to stakeholders, and identify and manage risks

Reviews and challenges FLU/CF process, risk, Single Process Inventory, and FLU/CF Risk and Control Self-Assessment related to themes or trends, while monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage

Skills:

Advisory

Monitoring, Surveillance, and Testing

Regulatory Compliance

Reporting

Risk Management

Critical Thinking

Influence

Interpret Relevant Laws, Rules, and Regulations

Issue Management

Policies, Procedures, and Guidelines Management

Business Process Analysis

Decision Making

Negotiation

Process Management

Written Communications

Position will provide Compliance & Operational Risk Oversight for multiple GIS BISO functions including BISO Operations & Vertical BISOs. The role requires you to:

Act as Risk Officer for Secure By Design Process

Have Oversight on Cloud Security (SaaS) process

Oversee Self Service & Dynamic Code Scans, review of SBOM & Threat Model process as controls

Advise GCOR Risk Specialists on performing their monitoring exercises and assist them in day to day activities

Review GIS Policy Exceptions Operations and enhance monitoring coverages

Perform In-Line reviews and provide GCOR PoV on in-line reviews

Connect with stakeholders on a periodic basis

Conduct Targeted Risk Assessments

Challenge GIS BISO Operations processes and activities as appropriate

Communicate with Executives on a regular basis on your assigned area of coverage / oversight

Technical Skillsets:

Expertise in network security principles and technologies

Deep understanding of transmission protocols and secure communication channels

Knowledge of secure by design principles

Good understanding of Cloud Security Principles

Experience performing threat modeling using frameworks like STRIDE, IriusRisk

Knowledge of Software Development and in-depth understanding of APIs

Proficiency in conducting technology reviews to assess security controls and identify gaps

Understanding of application scanning tools like Checkmarx / Invicti (NetSparker)

Solid grasp of security architecture principles and best practices

Relevant certifications such as CISSP, CCSP, CISA, CISM, or CRISC are highly desirable

Required/Desired Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.

10+ years of experience in Cyber Security with expertise in multiple information security domains including Cloud

Proven track record of developing and implementing security strategies in complex environments

Strong leadership and communication skills, with the ability to influence stakeholders at all levels

Excellent problem-solving abilities and attention to detail

Ability to thrive in a fast-paced and dynamic environment

Additional Qualifications/Responsibilities:

Communicates and Influences with Impact:

Communicates complex ideas in a way that is clear, direct, concise, simple and contextual; avoids jargon

Shapes the opinions and actions of others, gaining trust & commitment for desired outcomes

Adjusts style and personalizes message to best connect with others; inspires others to follow his/her lead

Constructively challenges; supports opinion and recommendations with facts and data

Shares opinion with confidence; is persistent and tenacious for what is right

Demonstrates productive edge, appropriately voicing and challenging opinions

Demonstrates productive partnering with various stakeholders across the enterprise at all levels

Role models effective communication and influence; develops others on this skill

Demonstrated Business Acumen:

Deep understanding of the organization's overall strategies and how the business operates

Deep understanding of what drives success through subject matter expertise of the products, customer and channels leveraged within the FLU

Identifies and influences business improvements and solutions - Proactively engages team/peers to transfer knowledge of the business

Makes tough business and people decisions

Demonstrated behaviors may include but are not limited to:

Demonstrates the ability to remain flexible and adaptable in order to learn/apply new concepts and stay current on emerging trends (i.e. new technology)

Asks questions in an effort to understand, drawing connections and similarities in order to frame new challenges/opportunities; leverages information to take calculated risks

Proactively brainstorms and researches a wide range of options to find the best solutions to address opportunities

Proactively engages others for feedback as an opportunity to drive improvement (for self and the business)

Delivers Results Through Management & Operational Excellence:

Demonstrates a deep understanding of owned processes and continually seeks opportunities to simplify and improve

Leads the execution of strategies through establishing clear accountability for self and the team

Raises performance expectations through planning and establishing routines to ensure goals are achieved

Proactively identifies and removes barriers

Leads change and gets team and key stakeholders on board

Cultivate Talent & Organization:

Creates and leads an environment that values diversity, where people can speak up, share bad news and get better outcomes through dialogue and debate

Actively builds a pipeline of strong, diverse talent

Actively manages the growth and development of talent; takes genuine interest in and provides support for their development

Broadly shares accountability and responsibility with others

Contributes to building motivated, high performing teams; inspires them to achieve more

Recruits, develops and aligns talent needed to meet business goals

Delivers Second-Line Risk Management:

Commanding knowledge of the Compliance & Ops Risk Program and its application to daily work activity and team priorities; educates others

Commanding knowledge of how laws, rules and regulations apply to businesses, functions, products, jurisdictions and/or the enterprise and stays current on changes; educates others

Understands and educates others on the business processes (design through execution), the role of effective controls and the potential impact to operational losses

Directly or via a team, assesses for and identifies compliance and operational risks in the activities of a FLU/ECF or the Company (EAC) through monitoring, assessment and testing activities

Directly or via a team, documents, analyzes, reports and escalates as needed risk issues (e.g., control weaknesses, violations, metric breaches); synthesizes the data for emerging trends or systemic issues

Directly or via a team, drives the mitigation of compliance and operational risk through means such as policy reviews and updates, issue remediation/action plans, and training needs; determines approach and possible solutions

Communicates risks and issues concisely, clearly and timely; drives transparency and accountability with appropriate parties

Executes risk governance and management routines

Ensures compliance and operational risks are considered in business activities, including product development and business process changes; uses risk lens when advising the business

Escalates risks not being mitigated in a timely manner to appropriate leaders and senior management, regulators and Board of Directors as warranted

Demonstrates Analytical Capabilities:

Leads analysis integrating facts, data, and information to draw accurate conclusions in order to identify root cause

Leverages internal/external perspectives and benchmarking to identify potential solutions

Develops useful and realistic alternative solutions to problems; selects the best course of action based on pros, cons, timing, and available resources

Shift: 1st shift (United States of America)

Hours Per Week: 40

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf).

To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCPEEOSupplementFinalJRFQA508c.pdf).

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America’s Drug-free Workplace and Alcohol Policy, CLICK HERE.

This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.