Business Information Security Officer (BISO)

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day.

The Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization, working closely with the line of business, their COOs, and supporting technology teams from the Chief Information Officers (CIOs)/Chief Technology Officers (CTOs).

This role involves supporting a team to develop a deep understanding of the business to facilitate specialized, risk-based information security discussions. It ensures a focus on the right risk priorities and provides guidance on information security topics, policies, and controls.

1. Contribute to the development, implementation, and maintenance of information security initiatives for the line of business (LOB).
2. Serve as an Information Security subject matter expert and liaison with GIS teams, participating in the development and maintenance of security programs for both the LOB and the enterprise.
3. Advise LOB management on risk issues related to information security and recommend appropriate actions.
4. Monitor internal and external information security trends and keep LOB leadership informed about relevant issues.
5. Manage information security control alignment reporting to LOB Leadership.

1. Drive GIS/LOB risk deliverables.
2. Collaborate with risk partners on critical information security priorities.
3. Participate in senior LOB Risk Management & Business Continuity routines.
4. Identify and measure global information security controls on critical business processes or channels.

1. Build strong relationships with peer technology groups and supported LOB.
2. Support the triage process with clients and clarify the GIS support structure.
3. Promote a risk-aware culture and partnership with technology teams and LOB.
4. Participate in CIO routines to shape information security risk strategy.
5. Have a solid understanding of security in big data and large data structures.

1. 2-5 years of experience in technology and over 5 years in information security.
2. Subject matter expertise in application security, vulnerability testing, system testing, and Agile lifecycle management.
3. Strong knowledge and experience with the specific LOB (e.g., CSBB/GBM).
4. 1-2 years of risk management experience, including application risk classification and control assessments.
5. Excellent presentation and communication skills.

1st shift (United States of America), 40 hours per week.

Salary range: $98,200 - $146,600 annually, based on experience, education, and skills. Eligible for discretionary annual incentives and benefits. Benefits include paid time off, resources, and support to contribute to community and business growth.