Business Information Security Officer (BISO) - Technology

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day.

The Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business, their COOs, and supporting technology teams from the Chief Information Officers (CIOs)/Chief Technology Officers (CTOs).

In this role, you will support a team to develop a deep understanding of the business to facilitate specialized, risk-based information security discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies, and controls.

• Contribute to ongoing information security initiatives, including development, implementation, and maintenance for the line of business (LOB).
• Serve as an Information Security subject matter expert and liaison with GIS teams, participating in the development, implementation, and maintenance of security programs for both the LOB and the enterprise.
• Advocate for LOB investments impacting information security.
• Advise LOB management on security risk issues and recommend actions supporting broader risk management and compliance programs.
• Monitor internal and external information security trends and inform LOB leadership about relevant issues.
• Manage information security control alignment reporting to LOB Leadership.

• Drive GIS/LOB risk deliverables.
• Collaborate with risk partners on critical information security priorities.
• Participate in senior LOB Risk Management & Business Continuity routines.
• Identify and measure security controls on critical processes or channels.

• 2-5 years of experience in technology and over 5 years in information security.
• Subject matter expertise in application security, vulnerability testing, system testing, and Agile lifecycle management.
• Strong knowledge and experience related to the specific business line (e.g., CSBB/GBM).
• 1-2 years of risk management experience, including application risk classification and control assessments.
• Excellent presentation and communication skills.

1st shift (United States)

40

Locations: Washington, DC, and Chicago, IL.

Pay range: $99,200 - $145,100 annually, based on experience, education, and skills.

This role is eligible for participation in the annual discretionary incentive plan, contingent on individual and company performance.

This role is benefits-eligible, offering industry-leading benefits, paid time off, and resources to support employees' impact and contribution to sustainable growth.