The Third Party Assessment Quality Assurance role will ensure that the information security assessments on vendors providing services to Bank of America are consistent and the controls are met. To succeed in this role, you should be highly motivated and possess strong, hands-on, technical knowledge of a wide range of information security and business continuity controls and the processes used for evaluating their design and effectiveness.
You should also possess strong written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.
Technical skills include the domains of information security and business continuity including:
- Information Security Controls (Infrastructure Security, Access Management, Physical Security, Application Security, etc.
- IT Compliance, SOX Compliance
- Change Management
- Enterprise Risk Management
- Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards
- Previous information technology/security audit/assessment experience preferred.
- Ability to leverage attention to detail and analytical skills,
- Ability to multi-task and work both independently as well as part of an assessment team
- Ability to plan, execute and document assessment activities following established processes and procedures
- Minimally, CISSP and/or CISA certifications are required as well as five to ten years' experience in information security or business continuity
- Bachelor's degree in Information Technology or related field
- Ability to work with Technical and Non-Technical business owners
- Information Security, Sourcing/ Vendor Management, Business Continuity & recovery, Data Transmission, Privacy
- Experience supporting regulatory or sector policy initiatives.
- Experience with assessments based on relevant threat intelligence (network penetration testing, Red Teaming, etc.).