Sr. Information Security Officer - Generative Artificial Intelligence

Bank of America

  • Chicago, IL
  • Permanent
  • Full-time
  • 9 days ago
Job Description:At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!Sr. Information Security Officer - Gen AI will be a member of the Business Information Security Office (BISO) residing within the Global Information Security (GIS) organization. In this role you will work closely with the line of business, their Chief Operating Officer (COO) and supporting technology teams from the Chief Information Officer (CIO)/Chief Technology Officer (CTO). This job is responsible for partnering with senior leaders to balance the needs of the business while ensuring information security risk are appropriately identified and managed to mitigate risk to the organization and drive uncompromising cyber security protection. The role will also support a group/team to develop a deep understanding of the business to lead specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities and enable you to provide guidance on information security topics, policies, and controls.Job expectations include acting as an integrated business partner with cross-functional senior leaders to provide blended security and business expertise to ensure appropriate business management of information security risks. This position will be integral to activities establishing and maintaining a strong security posture with respect to Generative Artificial Intelligence (AI) applications and workloads both internal and external to Bank of America.Key Responsibilities in order of criticality:
  • Leads cybersecurity risk assessments of Generative AI use cases, including assessment of the inherent risk and control effectiveness
  • Guides business leaders and technology organizations on initiatives requiring Global Information Security engagement and/or manage problem resolution on cyber security related issues
  • Serves as a common risk control partner to identify emerging security risks in the portfolio
  • Drives adherence and appropriate risk tolerance levels, operating in accordance with the information security policies defined to protect against threats to data confidentiality, integrity, and availability
  • Promotes awareness of current and emerging cybersecurity threats and advise on potential information security exposure
  • Facilitates risk reviews across logical and physical boundaries to identify gaps and recommend secure designs
  • Interprets the information security requirements outlined in policy, standards and procedures as well as reinforces requirements through education and awareness
  • Leads as a "security ambassador" to help business leaders drive strategic and innovative risk mitigation priorities and navigate the Global Information Security organization
Required Qualifications:
  • 8+ years of experience in cybersecurity, with at least 2 years focused on cyber assessment of Artificial Intelligence or Machine Learning systems
  • A deep understanding of Generative AI/Large Language Models and assessment frameworks including MITRE ATLAS, OWASP Top 10 for LLM and GenAI, and NIST AI RMF
  • In-depth knowledge of cybersecurity threats, controls and technologies, with a deep understanding/experience with software developer experiences to bridge the gap between the theoretical and practical application
  • Ability to apply knowledge of internal and external information vulnerabilities to evaluate the degree of threat to an information system and answer tactical questions about current operations, predict future behavior or recommend appropriate mitigation countermeasures
  • Ability to manage and design controls that may contribute to a remediation plan developed to address policy, technology, environmental, and/or operational gaps
  • Ability to bring multiple stakeholders together, including senior business and technology leaders, and cut to the heart of issues to reach consensus
  • Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input, and when to act independently
  • Bias for action and a commitment to build partnerships in a dynamic risk & threat driven environment
  • Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties
  • Ability to identify, measure, monitor, and control risk as part of daily business activities, with a focus on specific risk types (e.g., Strategic, Credit, Market, Liquidity, Operational, Compliance, Reputational)
  • Ability to design, architect, analyze, support, and secure cloud-based workloads
  • Excellent communication, influencing and facilitation skills
Shift: 1st shift (United States of America)Hours Per Week: 40Pay Transparency detailsUS - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540), US - NJ - Jersey City - 101 Hudson St - 101 Hudson (NJ2101)Pay and benefits informationPay range$141,700.00 - $206,900.00 annualized salary, offers to be determined based on experience, education and skill set.Discretionary incentive eligibleThis role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.BenefitsThis role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

Bank of America