Description

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Position Summary:

The Third Party Cyber Assurance (TPCA) function within Global Information Security is responsible for oversight of third party security programs, including assessing third party security programs and maximizing protections for all aspects of security for the third party landscape. The TPCA Pre Assessment Risk Analyst team member will assist in assessment scope determination, meeting with Enterprise Vendor Managers and Third Party Subject Matter Experts (SME's) to prepare them for the assessment, documentation collection (e.g. TruSight or vendor provided policies/procedures) and preparation of assessment work-papers.

Your primary responsibility will be to ensure each third party is prepared for the assessment and gather an understanding of the third party security risk environment. You will interact regularly with Enterprise Vendor Managers and Third Parties and act as single point of contact to prepare the Third Party for the assessment and while answering detailed risk questions. You will engage with the Third Parties security team to understand their control environment, control strength, and review information security policies/procedures for completeness.

Based upon your meetings, you will populate the assessment workpapers with detailed information for the third party assessors to document gaps and determine remediation approaches. Success in this role requires persistence, intellectual curiosity, and sound judgement - the ability to move beyond initial responses, challenge incomplete information, and continue probing until risk is clearly understood, documented, and addressed.

Required Qualifications:

• 2+ years in Information Security, Risk Management, or related discipline
• Exhibits a consistent investigative, risk focused mindset
• Outstanding verbal and written communication skills
• Strong analytical and critical thinking abilities with a logical, structured problem-solving approach
• Resilient, disciplined, and self-directed
• Ability to engage, challenge, and collaborate effectively with business and non-technical owners
• Strong growth mindset with a willingness to expand risk and technical knowledge
• Ability to manage competing priorities and shifting timelines without compromising quality.

Desired Qualifications:

• Bachelor's degree in Information Technology, Information Security or related field
• Optional Certifications: CISSP (ISC2), CISA, CRISC, CISM (ISACA), CCIE (Cisco), TOGAF, CCTA (McAfee), CCFP (ISC2).

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:
1st shift (United States of America)

Hours Per Week:
40

Pay Transparency details

US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540)

Pay and benefits information

Pay range

$95,000.00 - $143,600.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.