Bank of America Corporation

Cloud Security Design and Controls Lead

Bank of America Corporation$135K — $182K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in cloud security design and implementation
  • Bachelor's degree in Information Systems or Computer Science, or equivalent experience
  • Deep understanding of cloud security for Azure, AWS, and industry frameworks like OWASP and NIST
  • Experience with Infrastructure as Code and Policy as Code governance
  • Conducted security assessments and developed security concepts
  • Familiarity with cloud security tools such as AWS Security Hub and Azure Security Center
  • Active AWS Security Specialty or Azure AZ-500 certification

Responsibilities

  • Design and implement secure cloud architectures that meet business and security objectives
  • Maintain and update risk registers and monitor cloud security risks
  • Act as a liaison to promote a security-first culture across departments
  • Define and implement security controls and policies for cloud environments
  • Continuously enhance security controls and processes
  • Document security controls, policies, and procedures
  • Implement Policy as Code with scripting for cloud security governance

Benefits

  • Access to industry-leading benefits
  • Paid time off provided
  • Resources and support for employee impact
  • Opportunities for community contribution
  • Participation in the annual discretionary incentive plan
Full Job Description
Job Description:

The Information Security Senior Specialist will be a key functional member of the Cloud Security Team within the Global Information Security (GIS) and Business Information Security Officer (BISO) organizations. The role is responsible for implementing, managing, and governing security controls across multi-cloud environments, with a specific emphasis on Azure, AWS and Google platforms, to ensure the protection of organizational data and systems. This role requires deep expertise in cloud security, architecture principles, and industry standards. The ideal candidate will work closely with various teams to ensure the security of cloud-based applications, data, and infrastructure, particularly on platforms like AWS and Azure.

Key Responsibilities (continued from above):
  • Integration with CI/CD Pipelines -
    • Developers ensure that security policies are embedded in CI/CD workflows to enforce compliance during the development and deployment phases.
  • Custom Solutions Development -
    • Off-the-shelf security tools often need customization to fit organizational requirements. Developers can write custom modules, scripts, or extensions to adapt these tools effectively.
  • Collaboration with Security Teams -
    • Developers act as a bridge between security and DevOps teams, ensuring that security policies align with operational workflows without hindering development agility.
  • Governance and Regulatory Compliance -
    • Conduct regular security assessments and audits of cloud environments to identify and mitigate risks.
  • Conduct risk assessments to identify potential security threats and vulnerabilities in cloud environments.
  • Evidence Package Creation
    • Package evidence of security policies deployment and effectiveness proving to non-technical audience, Audit and Governance Teams, the effectiveness of security policies.
  • Participate in internal and external audits to demonstrate compliance with cloud security requirements.


Responsibilities
  • Lead the design and implementation of secure cloud architectures and solutions, ensuring alignment with business objectives and security requirements.
  • Maintain and update risk registers and ensure continuous monitoring of cloud security risks.
  • Act as a liaison between the security team and other departments to promote a security-first culture.
  • Security Controls
    • Define and implement security controls and policies for cloud environments, ensuring compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and bank security policies.
    • Continuously improve security controls and processes to enhance the organization's security posture.
    • Develop and maintain documentation for security controls, policies, and procedures.
  • Policy as Code (PaC) Implementation
    • Policies are increasingly managed as code, requiring developers skilled in scripting and programming to define, customize, and automate these policies using tools like HashiCorp Sentinel, Open Policy Agent (OPA), and Terraform.


Required Skills:
  • Minimum of 5 years of professional experience designing and implementing cloud security controls.
  • Bachelor's degree in Information Systems or Computer Science, and/or equivalent combination of education and work experience within the domain areas of Cloud Security.
  • In-depth understanding of cloud security principles, best practices for Azure and/or AWS platforms, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks.
  • Experience building and implementing Infrastructure as Code and/or Policy as Code governance strategies.
  • Experience conducting security assessments, risk analyses, and developing security concepts.
  • Hands-on experience with cloud security tools and technologies such as AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and/or Wiz.
  • Extensive knowledge of security tools and technologies such as SIEM, IDS/IPS, DLP, firewalls, PKI, and identity management and how they work in cloud environments. Specifically in network security, including AWS networking primitives, security groups, network access control lists, proxies, firewall and WAF technologies.
  • Experience with cloud and containerized technologies, AKS, EKS, ECS, serverless, Kubernetes and Docker.
  • Extensive knowledge of public cloud service providers and the threats to workloads within those environments.
  • Currently hold active AWS Security Specialty or Azure AZ-500 certification.


Desired Qualifications:
  • Master's degree in Information Systems or Computer Science, and/or equivalent combination of education and work experience within the domain areas of Cloud Security.
  • Relevant industry certifications such as ISC2 and SANS GIAC are highly desirable.
  • Strong communication and interpersonal skills to work effectively with cross-functional teams.
  • Ability to manage multiple projects and priorities in a fast-paced environment.


Skills:
  • Customer and Client Focus
  • Interpret Relevant Laws, Rules, and Regulations
  • Policies, Procedures, and Guidelines
  • Problem Solving
  • Quality Assurance
  • Business Process Analysis
  • Data Privacy and Protection
  • Innovative Thinking
  • Risk Analytics
  • Stakeholder Management
  • Business Acumen
  • Business Continuity Management
  • Data Governance
  • External Resource Management
  • Information Systems Management


Shift:
1st shift (United States of America)

Hours Per Week:
40

Pay Transparency details

US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540)

Pay and benefits information

Pay range

$135,000.00 - $182,100.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

About Bank of America Corporation

Bank of America Merrill Lynch is the corporate and investment banking division of Bank of America. It provides services in mergers and acquisitions, equity and debt capital markets, lending, trading, risk management, research, and liquidity and payments management. It was formed through the combination of the corporate and investment banking activities of Bank of America and Merrill Lynch following the acquisition of the latter by the former in January 2009. Bank of America completed the acquisition of Merrill Lynch & Co on 1 January 2009. Bank of America began rebranding all of its corporate and investment banking activities under the Bank of America Merrill Lynch name in September 2009. In April 2010, Bank of America Merrill Lynch appointed Christian Meissner as head of investment banking for Europe, Middle East and Africa. In April 2011, Bank of America Merrill Lynch integrated its corporate and investment banking operations into a single division. In October 2013, Bank of America Merrill Lynch was recognised as the Most Innovative Investment Bank of the Year in The Banker's Investment Banking Awards.

Bank of America Corporation Careers

Join the dynamic team at Bank of America Corporation, a premier global financial institution where innovation, leadership, and growth go hand in hand. As one of the largest banks in the world, we offer unparalleled job opportunities and a culture that values diversity, inclusion, and professional growth. Work You’ll Do At Bank of America Corporation, you’ll be part of a team that’s dedicated to making a real difference. Whether you’re helping families buy their first home, advising businesses on expansion, or developing cutting-edge financial technologies, your work will have an impact. Our commitment to leadership in the financial industry has never been stronger, and we need passionate, skilled professionals to lead our journey. Explore a World of Opportunities From entry-level positions to leadership roles, Bank of America Corporation offers a variety of career paths in areas such as investment banking, technology, marketing, and risk management. Our job opportunities span the globe, providing the chance to work alongside the best in the industry and develop skills that will propel your career forward. Internship Programs Kickstart your career with Bank of America Corporation’s internship programs. These opportunities provide hands-on experience and a chance to engage in meaningful work that complements your academic studies. Interns gain invaluable networking opportunities, receive mentorship from seasoned professionals, and learn about the culture and operations of a global financial leader. Benefits and Growth Bank of America Corporation is committed to the well-being and continuous professional development of our team members. We offer a competitive benefits package that supports the health, financial stability, and work-life balance of our employees. Our training programs and development initiatives ensure that every team member has the opportunity to grow and advance within the company. Inclusive Culture We believe our strength lies in our diversity. Bank of America Corporation fosters an inclusive environment where all employees can thrive. Through diversity training and a commitment to equal opportunities, we cultivate leadership and innovation that reflect the wide-ranging communities we serve. Join Our Team Are you ready to advance your career at a company that’s at the forefront of the financial industry? Explore the positions available at Bank of America Corporation and find where your skills and interests align with our needs. We are continuously hiring and looking for individuals who are curious, creative, and eager to drive change. Stay Connected Keep up to date with the latest from Bank of America Corporation Careers by subscribing to our job alert emails. Tailor your subscription to receive updates that match your career interests and get insider tips that can help you during your application and interview process. Bank of America Corporation is not just a company—it’s a place where you can shape your future and the future of finance. Join us and be part of a team that’s redefining what a bank can be.
Learn more about Bank of America Corporation
Size
208,000 employees
Market Cap
$260.3 billion
Industry
Net Income
$17.8 billion
Founded
1998
5 Year Trend
-1.4%
NASDAQ

Similar Jobs

More Jobs at Bank of America Corporation

More Information Technology Jobs

Find similar Cloud Security Design and Controls Lead jobs: