Onsite Third Party Assessor
Chicago, IL

Job Description

Job Description:

The Third Party Information Security (TPIS) function within Global Information Security is responsible for oversight of third party security programs, including assessing third party security programs and maximizing protections for all aspects of security for the third party landscape.

The Onsite Third Party Assessor will conduct information security and business continuity assessments of vendors providing services to Bank of America. To succeed in this role, you should be highly motivated and possess strong, hands-on, technical knowledge of a wide range of information security and business continuity controls and the processes used for evaluating their design and effectiveness.

You should also possess strong written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.

Technical skills include the domains of information security and business continuity including:

* Information Security Controls (Infrastructure Security, Access Management, Physical Security, Application Security, etc.)
* IT Compliance, SOX Compliance
* Change Management
* Enterprise Risk Management
* Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards

Required Skills:

* Previous information technology/security audit/assessment experience preferred.
* Ability to leverage attention to detail and analytical skills,
* Ability to multi-task and work both independently as well as part of an assessment team
* Ability to plan, execute and document assessment activities following established processes and procedures
* Minimally, CISSP and/or CISA certifications are required as well as five to ten years experience in information security or business continuity
* Must be able to travel up to 50%

Enterprise Role Overview -

As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard setting groups. State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.

Posting Date: 06/05/2019

Location: Chicago, IL, 135 S LA SALLE ST (IL4135), Addison, TX, 16001 N Dallas Pkwy (TX8044), - United States

Travel: Yes, 50% of the time

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift