Denver, CO, 80238, USA
22 hours ago
Senior Manager, Third Party Information Security Officer
Chicago, Illinois; Washington, District of Columbia; Denver, Colorado

**Job Description:**

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

This job is responsible for managing a team that is delivering various components within the third party information security assessment process. This includes managing assessor productivity, quality, timeliness, and Line of Business related escalations. Key responsibilities include managing a portfolio of assessments to completion while ensuring consistency and quality across the assessments and developing and sponsoring tactics to achieve strategic objectives across the organization. This includes reducing external party security gaps in partnership with business leaders, key stakeholders, third parties, and/or external parties and overseeing compliance with security policies.
**Job Responsibilities**

+ Manages a team of assessors responsible for measuring a third party's information security risk and provides support for escalations
+ Manages team performance through effective recruiting, coaching, training, and performance management activities
+ Ensures proper integration with internal processes, governance standards, and security policies
+ Develops information security strategies to respond to challenges and opportunities and ensures team goals are aligned to these strategies
+ Identifies process optimization opportunities that will address unmet needs and enable technology and workflow enhancements
+ Establishes and maintains effective working relationships with third parties, acting as a point of contact for information security matters, communicating security requirements, and addressing any concerns or issues that arise

**Required Qualifications:**

+ 5 to 7 years’ experience in information security
+ Technical skills include the domains of information security including:
  + Information Security Controls (Infrastructure Security, Access Management, Application Security, etc.)
  + IT Compliance, SOX Compliance
  + Change Management
  + Enterprise Risk Management
+ Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards
+ Strong people management skills
+ Ability to hold people accountable to process, while identifying improvement opportunities, process risks, and solutions.
+ The ability to draw upon past knowledge and experiences to find a solution and define a path of action.
+ The ability to objectively assess information from various sources and synthesize it towards making a reasoned judgment.
+ The ability to identify impacted parties, share information, address needs and expectations, and resolve issues when implementing change, to support adoption and delivery of expected outcomes.
+ Experience communicating to Sr. Management level
+ Ability to communicate clearly and effectively with both technology/development and business partners – ability to translate between these two constituencies.
+ Ability to work independently on initiatives with little oversight

**Desired Qualifications:**

+ Bachelor’s degree in information technology or related field
+ Ability to work with Technical and Non-Technical business owners
+ Experience with assessments based on relevant threat intelligence (network penetration testing, Red Teaming, etc.).
+ Information Security certifications, including ISO27002 / CISSP / CEH / CISM / CISA
+ Knowledge of NIST guidelines

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

**Shift:** 1st shift (United States of America)

**Hours Per Week:** 40

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf).

To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf).

View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf).

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. To view Bank of America’s Drug-free Workplace and Alcohol Policy, CLICK HERE.

This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.