1+ months

EAC Compliance & Operational Risk Manager - Access Management

Charlotte, NC 28230
**Job Description:**

The Enterprise Area of Coverage (EAC) Compliance & Operational Risk (C&OR) Manager is a subject matter expert on specific processes, controls, laws, rules and/or regulations that have enterprise-wide applicability, affecting two or more Front Line Units (FLU) or Control Functions (CF). This role is responsible for the execution of the Compliance and Operational Risk Programs (CORM Program), the Global Compliance Enterprise Policy (GC Policy) and the Operational Risk Management Enterprise Policy (ORM Policy) for these enterprise). The EAC C&OR manager identifies, escalates and mitigates risks in a timely manner in alignment with the CRM and ORM Programs and the GC and ORM Policies. The role engages with FLU/CF leaders globally through the FLU/CF compliance and operational risk officer (C&OR) teams to independently advise those leaders on effectively managing the risks related to their area of coverage. By executing the CORM and Policies, the EAC C&OR Manager identifies themes and trends, conducts analysis for new and emerging risks and recommends approaches to mitigate these risks. Activities this role performs for their area of coverage include but are not limited to:

Create and manage a global coverage plan which defines the scope and focus of the second lines risk management activities.

Helps establish, monitor and report on enterprise risk tolerance metric(s) that are translated and connected to relevant business metrics (Key Risk Indicators).

Monitor regulatory environment and participate in industry forums to identify areas of focus and conduct benchmarking.

Create and maintain a regulatory inventory, communicate regulatory changes to and engage the FLU/CF in assessing impacts of regulatory changes for enterprise area of coverage.

Develop and maintain relevant policies or review relevant FLU / CF policies to ensure they reflect regulatory and operational risk requirements.

Advise and direct business leaders through the FLU/CF C&OR officers to ensure that regulatory requirements are addressed in their respective procedures and controls so that their daily activities operate in a compliant manner.

Conduct and contribute to annual and targeted risk assessments.

Review and analyze aggregate results of FLU/CFs Risk and Control Self-Assessments (RCSA) for EAC-specific themes and trends.

Create and manage monitoring and testing coverage plans and related metrics.

Monitor and test the effectiveness of the FLU and CFs processes and compliance and operational risk controls.

Identify, aggregate, report and escalate risks, issues and control enhancements and ensure the C&OR officers for the FLU/CF are aware of issues.

Review and analyze internal and external losses related to their area of coverage for enterprise-wide themes; escalate concerns or loss exposures as appropriate.

Lead or contribute to Scenario Analysis activities to provide a forward-looking estimate of hypothetical operational losses.

Execute governance and management routines.

Identify regulatory training needs, provide subject matter expertise to support development of training curriculum, and inspect FLU/CF.

Advise Risk peers and business leaders in preparations for and participation in regulatory exams and audits. Prepare and participate in EAC-specific exams and audits.

Inspect that gap closure plans and commitments made regarding actions in response to Matters Requiring Attention (MRAs) and other actions are completed.

Escalate regulatory relations concerns to EAC C&OR Executive.

Ensure Compliance and Operational Risk owned issues (i.e., Internal Audit, Regulator and Self-Identified issues) are addressed appropriately and timely.

The EAC Compliance & Operational Risk Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.

Global Risk Management is seeking an Information Security Risk professional to provide Operational Risk and Compliance oversight and strategic enterprise coverage of Identity and Access Management. The role will play a critical role in the overall coverage of Global Information Security and will provide/build a strategic approach for Risk and Compliance coverage on critical Access Management process and controls across the enterprise. The role requires experience and expertise to escalate, debate and challenge significant risks as appropriate across.The primary Operational Risk and Compliance oversight will be focused on Identity and Access Management across the enterprise and will play a key strategic role within the overall Global Information Security 2nd Line coverage team. In addition, the position will engage with the Business Control, Monitoring and Readiness (BCMR) team, with a focus on detecting, remediating and preventing operational risk across the enterprise, including; self-inspection programs; standards, policy and rule governance; and program execution in support of the Bank of America Risk Framework. Coverage includes activities associated with:

+ Monitoring identify, analyze, and provide informed risk challenges on current and emerging trends within the cyber security threat landscape and access management. Monitor key metrics and programs. Participate in governance routines, review of information and key reports / metrics and appropriately challenge.

+ Assessment lead assessment activity related to current and evolving security risks that have the potential to impact the company and/or its customers. Influence and challenge senior executives related to control environments. Evaluate the performance, capability and/or coverage of processes, risks & controls and determining the scope and prioritization of risks, processes and controls to review and test.

+ Testing - Create and review test results and open issues as appropriate upon test failure.

**Additional responsibilities include:** Provide Operational Risk and Compliance guidance to Identity and Access Management Policies and Standards. Provide coverage through risk reviews and assessments to identify opportunities to reduce thematic risks related to access management. Review and challenge security controls and risks related to access management across the company Review and challenge Process, Risks and Controls (PRC) Use subject matter expertise and broad technology experience to provide insight and risk mitigation influence related to businesses processes Conduct program, process and forward looking assessments Effective communication and reporting on operational risk oversight and coverage Maintain knowledge of regulatory expectations related to Information Security and Identity & Access Management.

**Required Skills:** 7+ years in operational risk/information security and financial services, of which at least 3 years must include direct experience in operational risk management and/or information security/access management. Broad technical background with understanding of information security concepts and controls. 2+ years experience with information security technology Expertise in writing and presenting risk assessments to key executives and regulators Demonstrated knowledge of general application and infrastructure architecture Strong ability to self direct work and area of focus and to established appropriate timelines and execution. Excellent written and verbal communication skills Broad knowledge across many functional business areas Ability to translate complex process, application and technology control gaps into risk Ability to identify issues Relationship management skills and ability to interface confidently with associates of all levels, including senior executives Ability to influence at all management levels in a complex organization Ability to align against a strategic priority and organize and deliver results

**Desired Skills:** Information Security and Risk related certifications (CISSP, SANS, CRISC or CPSM) Technology experience Regulatory and/or Audit Experience Understanding of regulatory reporting functions and processes preferred Ability to present technical information to non-technical persons

**Posting Date** : 05/13/2019

**Location** :


- United States

**Travel** : Yes, 5% of the time

**Full / Part-time** : Full time

**Hours Per Week** : 40

**Shift** : 1st shift

**Assistance for Applicants with Disabilities**

Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at http://careers.bankofamerica.com/us/applicants-with-disabilities .

**Diversity & Inclusion**

At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

**Frequently Asked Questions**

Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at http://careers.bankofamerica.com/us/faq section for answers to these questions and more.


  • Banking / Finance
Posted: 2019-05-15 Expires: 2019-09-11

Success begins with building relationships.

At Bank of America, our customers are at the center of everything we do. Our focus is on helping each one find the right financial solutions. With a wide range of career opportunities available, we invite you to realize your career goals with us while assisting customers with what matters most to them.

Welcome to Careers at Bank of America.

Sponsored by:
Farm Credit Services of America Logo
Sponsored by:
Bank of America Logo

Featured Jobs[ View All ]

Featured Employers

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

EAC Compliance & Operational Risk Manager - Access Management

Bank of America
Charlotte, NC 28230

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast