8,036 Information Security Management jobs in the United States

Manager Information Security Risk Management

This range is provided by Harris Health. Your actual pay will be based on your skills and experience talk with your recruiter to learn more.

Base pay range

$129,292.00/yr - $71,329.00/yr

Direct message the job poster from Harris Health

Talent Acquisition Partner, Information Technology, Harris Health System

Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Healths robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.

JOB SUMMARY:

The Manager Information Security Risk Management reports to the Vice President and Chief Information Security Officer (CISO) and develops, maintains and executes a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management. Works alongside the Harris County attorney team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance to standards and regulations regarding information access, security, and privacy. Leads all phases of internal and third-party risk assessments as-well-as planned IT audits and reviews. Coordinates internal and third-party security audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance/regulatory audits. Assists VP/ CISO with decisions regarding risk and audit planning, testing plans and methodologies for risk and audit projects. Assists VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and Board of Trustees. Develops and publishes cyber related risk and audit reports and reviews. Drafts and updates various departmental and organization-wide information security policies.

MINIMUM QUALIFICATIONS:

Education/Specialized training/Licensure:

• CISSP required.
• CRISC, CISA, HCISPP, CIPP, GSNA, or CCSP, must have obtained (1) additional certification within six (6) months of accepting position. Preferred

CISSP (required); Must have obtained one (1) additional certification within six (6) months of accepting position.

WORK EXPERIENCE:

6 years' work experience. Extensive knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI), NIST Cybersecurity Framework. In addition, understanding of NIST SP 800-53r4, COBIT, and ITIL frameworks preferred. RSAM or other GRC tools experience preferred. Previous IT audit and risk management experience, or equivalent combination of education and experience.

MANAGEMENT EXPERIENCE:

Three (3) years of experience in Cyber Security or related field.

SPECIAL REQUIREMENTS:

Communication Skills:

Exceptional Verbal (Public Speaking

Other Skills:

Analytical, Statistical

Seniority level

• Seniority level Not Applicable

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Hospitals and Health Care

Referrals increase your chances of interviewing at Harris Health by 2x

Inferred from the description for this job

Medical insurance

Vision insurance

401(k)

Disability insurance

Get notified about new Information Security Manager jobs in Greater Houston .

VP Chief Information Security Officer (CISO) Director, IT Governance, Risk, and Compliance

Houston, TX 85,000 - 90,000 3 months ago

Manager Cyber Assessment, Federal IT Compliance Issues Manager Tax Legal Business Associate Manager TTC

Houston, TX 108,430 - 246,870 3 weeks ago

Tax Legal Business Associate Manager TTC Sr Engineer, Cyber Insider Threat - Network Activity Logs - Remote Director, Senior Cloud Security Architect

Were unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Information Security Risk Management Lead

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the worlds most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values Protect, Improve, Grow underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Job Information

Functional title - Information Security Risk Management Lead

Department - Risk

Corporate level - Director

Report to - Head of Technology & Information Security Risk Management

Location - New York / New Jersey

Expected full-time salary range between $180K - $225K + variable compensation + 401(k) match + benefits.

What You Will Be Doing

Job purpose:

The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.

Essential Functions / Major Duties and Responsibilities of the Job

Strategic:

• Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
• Risk Assessments Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
• Process Improvements Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvements plans.
• Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.

Operational:

• Review and Credible Challenge Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
• Risk Oversight Lead in executing oversight of information security risks by performing the following:
  • Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
  • Review and monitor the progress of actions and validate appropriateness of closure evidence.
  • Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
  • Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
  • Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
  • Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
• Project Oversight Lead in executing project oversight for information security risks by performing the following:
  • Provide challenge of risk management of material information security projects that may impact the firm's risk profile.
  • Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
  • Review project benefits and closure artifacts in preparation for transition to BAU.
• Governance Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
• Relationship Management Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
• Advisory Services Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
• Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.

Leadership:

• • Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
  • Provide guidance and support to junior members of the team.
  • Interact with and present to regulatory bodies in regular continuous monitoring meetings.
  • Ability to partner, influence, and maintain credibility with the business

What We're Looking For

• • 10+ years of experience specifically related to information security governance, operations, and risk management.
  • Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
  • Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
  • Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
  • Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
  • Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
  Cyber resilience Identity & privileged access management Secure coding practices Incident response Artificial Intelligence Third-party risk management Cloud security configuration and control frameworks Threat/vulnerability management Network security

Professional qualifications / certifications:

• B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
• Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
• Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
• Proficiency in MS PowerPoint and Excel.
• Experience in broader MS Office suite, including Project and Visio is a plus
• Experience with enterprise GRC tools, e.g. Archer is a plus

Our Commitment to Employees

At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

• Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
• 2 paid volunteer days so that you can actively support causes within your community that are important to you.
• Generous parental leave policies to ensure you can enjoy valuable time with your family.
• Parental transition coaching programmes and support services.
• Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle - whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:

• Pivotal purpose
• Trusted guardian
• Targeted innovation
• Facilitate connections
• Delivering excellence
• Inclusive culture

Job information:

• Functional title - Information Security Risk Management Lead
• Department - Risk
• Corporate level - Director
• Report to - Head of Technology & Information Security Risk Management
• Location - New York / New Jersey
• Expected full-time salary range between $ 180K - $225K + variable compensation + 401(k) match + benefits.
  • Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role.

What you will be doing:

Job purpose

The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.

Essential Function / major duties and responsibilities of the job

Strategic

• Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
• Risk Assessments - Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
• Process Improvements - Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvements plans.
• Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.

Operational

• Review and Credible Challenge - Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
• Risk Oversight - Lead in executing oversight of information security risks by performing the following:
  • Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
  • Review and monitor the progress of actions and validate appropriateness of closure evidence.
  • Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
  • Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
  • Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
  • Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
• Project Oversight - Lead in executing project oversight for information security risks by performing the following:
  • Provide challenge of risk management of material information security projects that may impact the firm's risk profile.
  • Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
  • Review project benefits and closure artifacts in preparation for transition to BAU.
• Governance - Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
• Relationship Management - Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
• Advisory Services - Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
• Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.

Leadership

• • Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
  • Provide guidance and support to junior members of the team.
  • Interact with and present to regulatory bodies in regular continuous monitoring meetings.
  • Ability to partner, influence, and maintain credibility with the business

What we're looking for:

• • 10+ years of experience specifically related to information security governance, operations, and risk management.
  • Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
  • Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
  • Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
  • Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
  • Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
  v Cyber resilience
  
  v Identity & privileged access management
  
  v Secure coding practices
  
  v Incident response
  
  v Artificial Intelligence
  
  v Third-party risk management
  
  v Cloud security configuration and control frameworks
  
  v Threat/vulnerability management
  
  v Network security

Professional qualifications / certifications

• B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
• Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
• Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
• Proficiency in MS PowerPoint and Excel.
• Experience in broader MS Office suite, including Project and Visio is a plus
• Experience with enterprise GRC tools, e.g. Archer is a plus

#LI-DK1

Our commitment to employees:

At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

• Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
• 2 paid volunteer days so that you can actively support causes within your community that are important to you.
• Generous parental leave policies to ensure you can enjoy valuable time with your family.
• Parental transition coaching programmes and support services.
• Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
• Employee Networks (including our Women's Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about inclusivity.
• Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don't.
• Active support of flexible working for all employees where possible.
• Monthly 'Heads Down Days' with no meetings across the whole company.
• Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
• Private medical insurance and dental coverage.
• Social events that give you opportunities to meet new people and broaden your network across the organisation.
• Annual flu vaccinations.
• Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
• Discounted Gym membership - Complete Body Gym Discount/Sweat equity program for US employees.
• All employees have access to Discover - our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
• Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.

Job Description

Hearst Technology, Inc, Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes, documentation, and collaborates with key business leaders to assist in reducing risk and maturing the overall control environment. This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.

Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.

• Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
• Maintain the IT risk register and risk dashboard keeping risks, and their response plans up to date; will be required to work with cross-functional teams and businesses.
• Prepare detailed recurring risk management reports with associated metrics.
• Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
• Support vendor due-diligence process and help define overall third-party risk management efforts.
• Support risk-focused governance entities such as forums and steering committees.
• Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
• Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
• Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
• Design and implement improvements in risk-related documentation.
• Other related duties as assigned.

Who You Are: As a mid-level position, comfort and experience with all aspects of governance, risk, and compliance is required.

Technical Skills

• Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinary teams.
• Experience conducting risk assessments and managing risk across departments and functions.
• Strong foundation in PCI and HIPAA compliance requirements and testing.
• Familiarity with an integrated risk management platform.
• Familiarity with security frameworks, particularly NIST and COBIT Cybersecurity Frameworks and HITRUST.
• Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices.
• Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint.
• Experience with GRC and risk management platforms such as Prevalent and TruOps is desired.

Soft Skills

• Strong work ethic with attention to detail and demonstrated analytical abilities.
• Attention to detail, verbal and written communication, and initiative; able to apply constructive feedback to enhance managing risk.
• Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
• Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
• Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.
• Ability to deliver client-ready documentation and participate in relevant client meetings; able to work across teams effectively and efficiently.
• Working understanding of project management principles, processes, and documentation.
• Ability to collaborate with internal and external stakeholders.

Qualifications

• Bachelor's Degree in Information Technology, Computer Science, or equivalent.
• Minimum 5 years of relevant experience in a risk management role with at least 2 years of practical experience in Audit and Compliance.
• Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005 is desired.

About Us

Hearst is one of the nation's largest global, diversified information, services and media companies.

Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.

The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.

Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.

With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.

Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.

Information Security Threat Management Specialist
Charlotte, North Carolina
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge
Refer a friend
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge ( Description:**
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
**Position Summary:**
This job is responsible for assessing the bank's technologies, applications, and overall security controls to identify potential risks and vulnerabilities that may impact Bank of America's information security. Key responsibilities include developing a better understanding of Bank of America's Global Information Security policy and relevant cyber security threats to complete security assessments. Job expectations include developing technical subject matter expertise to support partners, and adapting testing methods to emerging cyber security regulations and evolving threats.
**Responsibilities:**
+ Assesses systems controlling access to bank resources for compliance to security policies and controls by utilizing external threat frameworks, internal threat intelligence, and systems documentation
+ Analyzes, improves, implements, and executes security controls proactively to identify risks of threat actors from infiltrating company systems or information
+ Leverages risk management practices, and internal escalation processes to document findings for remediation
+ Monitors new threats and complex attempts to compromise security controls while developing a deep expertise in the early lifecycle for security techniques to identify vulnerabilities before they present a risk to the bank
+ Develops strong partnerships by demonstrating operational expertise as a subject matter expert
**Skills:**
+ Critical Thinking
+ Customer and Client Focus
+ Information Systems Management
+ Problem Solving
+ Threat Analysis
+ Cyber Security
+ Policies, Procedures, and Guidelines Management
+ Quality Assurance
+ Risk Analytics
+ Technology System Assessment
+ Business Acumen
+ Business Intelligence
+ Data Privacy and Protection
+ Data and Trend Analysis
+ Stakeholder Management
**Required qualifications:**
+ 3-5 years working counterintelligence investigations with demonstrated knowledge of hostile nation state threats
+ Bachelor's degree in Information Technology and/or International Studies
+ A broad knowledge of computer networking, log analysis, information security principles, and adversarial tools and techniques
+ Demonstrated ability to identify, analyze and address cyber security issues or threats, including emerging tactics or techniques
+ Proficiency with executive-level tracking and reporting, including expertise in Jira and Excel
+ Must be comfortable presenting to a wide spectrum of individuals having varying degrees of technical understanding
+ Strong project management skills
+ Strong program management skills
+ Ability to work independently with little oversight managing multiple investigations simultaneously
+ Demonstrated vendor management skills
+ Strong analytical skills/problem solving/conceptual thinking
+ Ability to resolve issues with minimal negative impact and risk to the organization.
**Desired qualifications:**
+ At least 10 years of experience working with classified/sensitive information
+ At least 10 years of experience working national security threats within the law enforcement/intelligence community
+ At least 10 years of experience working in a task force environment
+ Advanced degree in Information Technology and/or International Studies
+ Experience in the remediation of information security risks/vulnerabilities
**Shift:**
1st shift (United States of America)
**Hours Per Week:**
40
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "Know your Rights" poster, CLICK HERE ( .
View the LA County Fair Chance Ordinance ( .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Global Information Security Regulatory Management Specialist
Denver, Colorado
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge
Refer a friend
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge ( Description:**
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
GIS Policy Regulatory Management Specialist represents Global Information Security (GIS) while working with Compliance, Risk, Legal, FLU's and Enterprise functions, consulting on all regulations with Global Information Security applicability. Expected to read published laws rules regulations and guidance's (LRRGs), understand how they apply to GIS and map them to GIS policy. Maintain the inventory of LRRGs and mappings in the system of record and update the mappings as needed when policy language changes. Must be able to assess regulatory requirements against GIS policy, controls and assessment proof points. Drive action plans to address any regulatory gaps and ensure accurate risk and compliance reporting. Will work closely with subject matter experts including GIS Policy, Risk, Audit, Lines of Business, Legal, Compliance and external regulators as needed.
Additional expectations of role:
- Ensure Laws, Rules, Regulations and Guides (LRRGs) in the GIS inventory are mapped to GIS policies and identified gaps are addressed to ensure policy coverage of regulatory requirements, industry standards and best practices.
- Breakdown and map assigned Laws, Rules, Regulations and Guides (LRRGs) to GIS policy requirements
- Raise any identified policy language gaps to be validated and remediated
- Perform Impact Assessments for any GIS policy changes (standards and baselines) to ensure coverage is maintained to aligned LRRGs
- Perform Impact Assessments for GIS Policy Exception Types to ensure a policy violation is not created based on aligned LRRGs
- Maintain accurate data for all LRRGs and GIS policy mappings in the system of records through BAU and QA routines
- Publish routine reports for Regulatory Landscape, metrics, newsletters, etc
- Maintain process documentation and playbooks
- Analytical mindset and teamwork to support and improve the GIS Policy Governance ecosystem.
- Technical and business knowledge to ensure policy language gaps are covered by policy and have aligned controls.
- Result-oriented, business focused, and successful individual to interface across multiple organizational units, at various levels.
- Knowledge/experience/exposure with information security topics, including the design, development, testing, implementation or governance of information security practices and solutions
- Knowledge of access management/risk identification and mitigation/project management skills.
Minimum Years of Experience
5
Required Qualifications:
- Previous experience in Information Technology / Information Security
- Ability to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization
- Strong critical thinking/analytical skills/problem solving/conceptual thinking
- Highly effective written and verbal communication skills.
- Microsoft Office Proficient (Excel, Word, Outlook, Visio, PowerPoint, etc.)
- Ability to communicate complex information in simple terms (oral and written)
- Strong organization skills with the ability to prioritize requests and workload accordingly
- Strong analysis and fact-based decision-making
- Strong leadership skills and qualities which enable you to work with peers and various levels of management
- Proven ability of risk oriented approach and Strong risk management acumen.
- Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
- Ability to work independently on initiatives with little oversight.
- Motivated and willing to learn.
- Quick learner and self-starter
Desired Qualifications
- 5 years of experience operating within an information security environment.
- Bachelor's degree in Information Technology or related field
- Prior Governance, Compliance, and or Audit experience desired.
- Broad awareness of information security operations and/or enterprise information technology (Enterprise data management, application development, network management).
- Familiarity with independent audit, assessment, QA/QC functions desired.
- Leadership competency in geographically diverse matrixed environment.
- Must be comfortable communicating technology impacts and risk to various levels of executive management understanding the need to tailor and deliver appropriate content for given audience.
- Ability to work with Technical and Non Technical business owners
- Experience with Project Management or working with Project Managers
**Skills:**
+ Customer and Client Focus
+ Interpret Relevant Laws, Rules, and Regulations
+ Policies, Procedures, and Guidelines
+ Problem Solving
+ Quality Assurance
+ Business Acumen
+ Controls Management
+ Innovative Thinking
+ Process Management
+ Stakeholder Management
+ Business Process Analysis
+ Data Governance
+ Data Privacy and Protection
+ Data and Trend Analysis
+ Risk Analytics
This job will be open and accepting applications for a minimum of seven days from the date it was posted.
**Shift:**
1st shift (United States of America)
**Hours Per Week:**
40
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "Know your Rights" poster, CLICK HERE ( .
View the LA County Fair Chance Ordinance ( .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

GIS Policy Regulatory Management Specialist represents Global Information Security (GIS) while working with Compliance, Risk, Legal, FLU's and Enterprise functions, consulting on all regulations with Global Information Security applicability. Expected to read published laws rules regulations and guidances (LRRGs), understand how they apply to GIS and map them to GIS policy. Maintain the inventory of LRRGs and mappings in the system of record and update the mappings as needed when policy language changes. Must be able to assess regulatory requirements against GIS policy, controls and assessment proof points. Drive action plans to address any regulatory gaps and ensure accurate risk and compliance reporting. Will work closely with subject matter experts including GIS Policy, Risk, Audit, Lines of Business, Legal, Compliance and external regulators as needed.

Additional expectations of role:
Ensure Laws, Rules, Regulations and Guides (LRRGs) in the GIS inventory are mapped to GIS policies and identified gaps are addressed to ensure policy coverage of regulatory requirements, industry standards and best practices.
Breakdown and map assigned Laws, Rules, Regulations and Guides (LRRGs) to GIS policy requirements
Raise any identified policy language gaps to be validated and remediated
Perform Impact Assessments for any GIS policy changes (standards and baselines) to ensure coverage is maintained to aligned LRRGs
Perform Impact Assessments for GIS Policy Exception Types to ensure a policy violation is not created based on aligned LRRGs
Maintain accurate data for all LRRGs and GIS policy mappings in the system of records through BAU and QA routines
Publish routine reports for Regulatory Landscape, metrics, newsletters, etc
Maintain process documentation and playbooks
Analytical mindset and teamwork to support and improve the GIS Policy Governance ecosystem.
Technical and business knowledge to ensure policy language gaps are covered by policy and have aligned controls.
Result-oriented, business focused, and successful individual to interface across multiple organizational units, at various levels.
Knowledge/experience/exposure with information security topics, including the design, development, testing, implementation or governance of information security practices and solutions
Knowledge of access management/risk identification and mitigation/project management skills.

Minimum Years of Experience
5

Required Qualifications:
Previous experience in Information Technology / Information Security
Ability to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization
Strong critical thinking/analytical skills/problem solving/conceptual thinking
Highly effective written and verbal communication skills.
Microsoft Office Proficient (Excel, Word, Outlook, Visio, PowerPoint, etc.)
Ability to communicate complex information in simple terms (oral and written)
Strong organization skills with the ability to prioritize requests and workload accordingly
Strong analysis and fact-based decision-making
Strong leadership skills and qualities which enable you to work with peers and various levels of management
Proven ability of risk oriented approach and Strong risk management acumen.
Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
Ability to work independently on initiatives with little oversight.
Motivated and willing to learn.
Quick learner and self-starter

Desired Qualifications
5 years of experience operating within an information security environment.
Bachelor's degree in Information Technology or related field
Prior Governance, Compliance, and or Audit experience desired.
Broad awareness of information security operations and/or enterprise information technology (Enterprise data management, application development, network management).
Familiarity with independent audit, assessment, QA/QC functions desired.
Leadership competency in geographically diverse matrixed environment.
Must be comfortable communicating technology impacts and risk to various levels of executive management understanding the need to tailor and deliver appropriate content for given audience.
Ability to work with Technical and Non Technical business owners
Experience with Project Management or working with Project Managers

Skills:

• Customer and Client Focus
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Acumen
• Controls Management
• Innovative Thinking
• Process Management
• Stakeholder Management
• Business Process Analysis
• Data Governance
• Data Privacy and Protection
• Data and Trend Analysis
• Risk Analytics

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

1st shift (United States of America)

Hours Per Week:

40

Pay Transparency details

US - CO - Denver - 1144 15th St - Denver Gis (CO9926)Pay and benefits informationPay range$78,200.00 - $137,700.00 annualized salary, offers to be determined based on experience, education and skill set.Discretionary incentive eligibleThis role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.BenefitsThis role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.5 years experience

Information Security And Risk Management Senior Analyst

Contributes strategic vision and serves as a contributor in the architecture, planning, engineering, development, implementation and compliance monitoring for organization-wide security identity and access management initiatives with a focus on Active Directory and Azure AD (Active Directory), including the following responsibilities:

• Perform typical domain administrator tasks
• Domain controller management
• Manage Group Policy
• Support for infrastructure services
• DNS (Domain Name System), certificate authority (PKI), DFS, ADFS (Active Directory Federation Services), and Duo
• Help develop the Privileged Access Management program
• Policy monitoring and compliance
• Automation and integration efforts with various systems across OSUWMC and OTDI
• Consults on major initiatives, including multiple departments, service lines, platforms and regarding the integration of information security identity and access related technologies
• Assist with the evaluation and research for strategic projects involved in new and existing products, procedures and/or workflows needs associated with identity management for the Medical Center

Minimum Qualifications:

Bachelor's degree and 4 years of Active Directory experience. The ability to demonstrate knowledge of information security best practices. Knowledge of risk management in information security auditing. Knowledge of Microsoft Active Directory or other LDAP products. Proficiency in writing and understanding SQL. Proficiency in writing and understanding PowerShell.

Additional Information:

Our Comprehensive Employee Benefits Include:

• An array of retirement plan options, each with a generous employer contribution.
• Affordable health insurance options, including dental, vision and prescription coverage that begin on day one.
• Paid vacation and sick leave, including short and long-term disability and paid parental leave.
• Get the most out of the Public Service Loan Forgiveness program.
• And much more!

Location:

Ackerman Rd, 640 (2432)

Position Type:

Regular

Scheduled Hours:

40

Shift:

Final candidates are subject to successful completion of a background check. A drug screen or physical may be required during the post offer process.

The university is an equal opportunity employer, including veterans and disability.

Information Security And Risk Management Senior Analyst

Contributes strategic vision and serves as a contributor in the architecture, planning, engineering, development, implementation and compliance monitoring for organization-wide security identity and access management initiatives with a focus on Active Directory and Azure AD (Active Directory), including the following responsibilities:

• Perform typical domain administrator tasks
• Domain controller management
• Manage Group Policy
• Support for infrastructure services
• DNS (Domain Name System), certificate authority (PKI), DFS, ADFS (Active Directory Federation Services), and Duo
• Help develop the Privileged Access Management program
• Policy monitoring and compliance
• Automation and integration efforts with various systems across OSUWMC and OTDI
• Consults on major initiatives, including multiple departments, service lines, platforms and regarding the integration of information security identity and access related technologies
• Assist with the evaluation and research for strategic projects involved in new and existing products, procedures and/or workflows needs associated with identity management for the Medical Center

Minimum Qualifications

Bachelor's degree and 4 years of Active Directory experience. The ability to demonstrate knowledge of information security best practices. Knowledge of risk management in information security auditing. Knowledge of Microsoft Active Directory or other LDAP products. Proficiency in writing and understanding SQL. Proficiency in writing and understanding PowerShell.

Additional Information

• An array of retirement plan options, each with a generous employer contribution.
• Affordable health insurance options, including dental, vision and prescription coverage that begin on day one.
• Paid vacation and sick leave, including short and long-term disability and paid parental leave.
• Get the most out of the Public Service Loan Forgiveness program.
• And much more!

Location

Ackerman Rd, 640 (2432)

Position Type

Regular

Scheduled Hours

40

Shift

Final candidates are subject to successful completion of a background check. A drug screen or physical may be required during the post offer process.

The university is an equal opportunity employer, including veterans and disability.