Information Security Controls Specialist

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:

Your background

• Strong operational mindset and detail-oriented
• Excellent analytical & problem-solving skills with good conceptual thinking
• Comfortable presenting to executives and senior management
• Understanding of information security principles, processes, and controls
• Knowledge of APAC laws, rules, and regulations impacting information security
• Excellent command of the English Language, with strong verbal and written communication skills
• Bachelor’s degree in Information Technology or related field
• CISSP or CISA Certification preferred

What you can expect

The Global Information Security Risk, Regulatory & Policy team in Asia Pacific (GIS APAC RRP team) provides oversight for holistic alignment across laws, rules, and regulations (LRRs), information security policy, controls, and metrics in Asia Pacific to provide assurance of adherence and to enable GIS to continuously identify, analyze, and resolve cyber security risk in alignment with the company’s risk appetite.

The GIS APAC Regulatory & Exam Management Consultant will be responsible to solicit, review and deliver responses on information security processes and controls for regulatory exams, external meetings, surveys, questionnaires, internal audits, and compliance engagements covering all countries in Asia Pacific. He/ She is required to collaborate with internal stakeholders and various global GIS control owners in formulating such responses for any enquiries. He/ She will also consult on-demand with internal stakeholders on alerts and advisories published by regional regulators.

This role will require competency in information security processes and controls and a strong operational mindset.

What you will do

• Responsible to solicit, review and deliver responses on information security processes and controls for regulatory exams, external audits and meetings, surveys/questionnaires, attestations, internal audits, and/or compliance engagements, including obtaining senior management approvals for the release of all responses.
• Consults on-demand with internal stakeholders on alerts and advisories published by regional regulators.
• Responsible to collaborate with internal stakeholders in identifying, onboarding and submitting non-financial regulatory reports (NFRR) change requests related to information security in a timely and accurate manner.
• Assists Regulatory & Exam Management team in providing regional governance and support for escalation of potentially regulatory-reportable cyber incidents.
• A self-starter, team player with a strong people-influencing skillset
• Drive Regulatory & Exam Management team’s initiatives including globally driven ones based on annual strategy.
• Ensure team’s processes and playbooks are up-to-date, effective and efficient.
• 6-9 years of cyber security/risk/regulatory experience
• Certification desired but not required: CISSP, CRISC, CISM
• Conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determine appropriate controls to mitigate risks.
• Monitor, track, and manage risk mitigations and exceptions and ensure adequate monitoring capability is incorporated into solutions.