Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!
Job Description:
This job is responsible for leading and executing the second line of defense compliance and operational risk oversight for Identity and Access Management (IAM), which includes Privileged Access, Authentication mechanisms, etc. In addition, this role will also lead the IAM GCOR Single Process Inventory (SPI) & Monitoring team. The IAM COR SPI & Monitoring lead has responsibility for executing COR program elements including the development and execution of monitoring and testing and SPI oversight and governance aligned to the Identity and Access Management program. In addition, this role will operate as a delegate for the IAM Executive on occasion, covering all aspects of IAM risk.
Key responsibilities include leading a compliance and operational risk team and ensuring requirements of the Global Compliance Enterprise Policy, the Operational Risk Management Enterprise Policy (collectively “the Policies”), the Compliance and Operational Risk Management Program and Standard Operating Procedures are implemented and the team is identifying, challenging, escalating, and mitigating risks in a timely manner.
The Executive Leader Must:
Demonstrate the stature required to review and challenge, oversee, and manage compliance and operational risk for the global identity and access management capabilities delivered in the first line, led by the first line executive(s) reporting to the Global Chief Information Security Officer (CISO)
Bring deep technology subject matter expertise in IAM and experience in managing these technologies and risks in highly complex environments
Demonstrate strong relationship skills and the ability to operate at a global executive level working closely with both 1st and 2nd line global information security leaders
Demonstrate disciplined execution, characterized by strong management and delivery skills with past success in leading large cybersecurity teams globally
Serve on the extended Senior Leadership Team for Information Security Compliance and Operational Risk globally, contributing to its strategy and the successful delivery of its services as part of an integrated cyber compliance and operational risk team
Responsibilities:
Oversees the assessment of risks, associated controls and their effectiveness, while driving compliance with applicable laws, rules, and regulations and adhering to policies
Oversees engagement in activities which provide independent compliance and operational risk oversight of Front Line Unit or Control Function performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management Program and Standard Operating Procedures
Oversees identification and escalation of problems or issues that arise and drives actions to address the root causes that lead to compliance risk issues and/or operational risk losses
Oversees and manages inventory of risks and associated metrics for risk appetite and limits, reporting violations of compliance or regulatory activities
Manages the development of independent risk management reporting for respective area(s) of coverage for inputs into management routines which could include country/regional governance
Oversees monitoring of the regulatory environment to identify regulatory changes applicable to area(s) of coverage
Managerial Responsibilities:
This position may also have responsibilities for managing associates. At Bank of America, all managers at this level demonstrate the following responsibilities, in addition to those specific to the role, listed above.
Diversity & Inclusion Champion: Breaks down barriers to create a more inclusive environment that supports company D&I goals.
Manager of Process & Data: Challenges end-to-end process efficiency and effectiveness, champion data driven decision-making and removes obstacles to optimize operations.
Enterprise Advocate & Communicator: Contributes to enterprise strategy and influence messaging to connect team contributions to business purpose, results, and success.
Risk Manager: Inspects and challenges risk controls, governance and culture to ensure the timely identification, escalation, debate and remediation of risk across the organization.
People Manager & Coach: Coaches to sustain and elevates organizational performance while differentiating to ensure pay for performance.
Financial Steward: Efficiently allocates and manages resources across the organization to drive short and long term profitability.
Enterprise Talent Leader: Inspects and manages the health of the bench to ensure succession for the organization, while supporting enterprise talent needs.
Driver of Business Outcomes: Mobilizes organizational resources to deliver the full range of the bank’s capabilities to meet client needs and to gain competitive advantage.
Skills:
Subject Matter Expertise
Advisory
Decision Making
Interpret Relevant Laws, Rules, and Regulations
Regulatory Compliance
Risk Management
Executive Presence
Issue Management
Policies, Procedures, and Guidelines Management
Prioritization
Written Communications
Business Acumen
Business Process Analysis
Critical Thinking
Negotiation
Resource Management
Required Qualifications:
10+ years of cybersecurity experience and management of a cybersecurity function, or other relevant discipline
Technology and operations experience in a complex banking environment
In depth understanding of the software development lifecycle, change management process, and commonly used cybersecurity tools
Understanding of functional and non-functional requirements, business objectives for software, and technology strategy and planning
Degree Required: Bachelor’s Degree
Desired Qualifications:
Additional Technical/Functional Experience (e.g. Industry type): Financial Services or similarly regulated sector
Communicates and Influences with Impact
Communicates complex ideas in a way that is clear, direct, concise, simple and contextual; avoids jargon
Shapes the opinions and actions of others, gaining trust & commitment for desired outcomes
Adjusts style and personalizes message to best connect with others; inspires others to follow his/her lead
Constructively challenges; supports opinion and recommendations with facts and data
Shares opinion with confidence; is persistent and tenacious for what is right
Demonstrates productive edge, appropriately voicing and challenging opinions
Demonstrates productive partnering with various stakeholders across the enterprise at all levels
Role models effective communication and influence; develops others on this skill
Shift:
1st shift (United States of America)
Hours Per Week:
40
