Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

• Strong operational mindset and detail-oriented
• Excellent analytical & problem-solving skills with good conceptual thinking
• Comfortable presenting to executives and senior management
• Understanding of information security principles, processes, and controls
• Knowledge of APAC laws, rules, and regulations impacting information security
• Excellent command of the English Language, with strong verbal and written communication skills
• Bachelor's degree in Information Technology or related field
• CISSP or CISA Certification preferred

• Responsible to solicit, review and deliver responses on information security processes and controls for regulatory exams, external audits and meetings, surveys/questionnaires, attestations, internal audits, and/or compliance engagements, including obtaining senior management approvals for the release of all responses.
• Consults on-demand with internal stakeholders on alerts and advisories published by regional regulators.
• Responsible to collaborate with internal stakeholders in identifying, onboarding and submitting non-financial regulatory reports (NFRR) change requests related to information security in a timely and accurate manner.
• Assists Regulatory & Exam Management team in providing regional governance and support for escalation of potentially regulatory-reportable cyber incidents.
• A self-starter, team player with a strong people-influencing skillset
• Drive Regulatory & Exam Management team's initiatives including globally driven ones based on annual strategy.
• Ensure team's processes and playbooks are up-to-date, effective and efficient.
• 6-9 years of cyber security/risk/regulatory experience
• Certification desired but not required: CISSP, CRISC, CISM
• Conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determine appropriate controls to mitigate risks.
• Monitor, track, and manage risk mitigations and exceptions and ensure adequate monitoring capability is incorporated into solutions.