Cyber Resilience Technology Analyst
The Global Information Security (GIS) Cyber Resilience (CR) organization is a newly established function focused on driving improved reliability and recoverability across business and security services. This team will focus across 3 primary domains: 1) the Bank of American enterprise of business services, working closely with the Enterprise Resilience team to represent cyber threats, the potential impacts, and to drive cyber-centric thinking into the designs of processes, systems and technology solutions, 2) the GIS portfolio of business and protection services to understand the current services and their level of need and ability to maintain a high level of resilience, and 3) the Financial Industry, third parties and critical utilities to drive improvements in the overall resilience of the industry and our partners.
The Cyber Resilience Technology Analyst will work across each of these 3 domains to understand the technology usage and designs, seek methods to improve resilience through design, and reduce impact and improve recoverability through creative technology solutions.
This individual will be viewed as a critical partner, and subject matter expert across the enterprise. They will partner with our Chief Technology Organization (CTO) and GIS Cyber Security Technology (CST) teams to understand technology deployments, the level of resilience supported, the level required and then drive creation of technology plans to improve our resilience posture.
This individual will have a thorough understand of general technology solutions and deep expertise in cyber security related technologies, controls and solutions.
• Partners across technology, CIO, GIS and industry teams to improve operational resilience from cyber-related impacts
• Prepares analysis of technology solutions to determine how designs and practices can be improved to increase both the ability to absorb cyber-related shock and the ability more rapidly recover when impacts do occur
Supports development of cyber-attack scenarios that are used to test resilience and recovery within business services
• Participates in post incident reviews and risk analysis to further influence how our resilience strategy needs to adapt to emerging or systemic risk.
• Analyzes applications, process and services to identify concentration risk based on technology distribution.
• Partnering with peers to advocate key resiliency concepts to ensure alignment with enterprise goals.
• Develop threat models to be used to harden CTO Core Critical Infrastructure, GIS services and controls.
• Reports to GIS Cyber CR Technology Lead
• Works closely with peers: CR Technology architect, CR Technology engineer,
• Works closely with CTO and CIO technology teams
Scope of Responsibilities:
• Creates technology plans to improve cyber resilience
• Assists in preparing cyber-attack scenarios to support testing and exercises
• Develop threat models, and prepares analysis to be used to harden CTO Core Critical Infrastructure, GIS services and controls
• Works with vendors to drive develop of new products to meet cyber resilience needs
• Works with technology leaders and teams across the enterprise to increase our cyber resilience capabilities
Knowledge, Skills and Key Leadership Characteristics:
• Deep technology expertise in infrastructure, applications and security
• Strong interpersonal skills and the ability to work across teams to drive common thinking and collective action
• Builds strong relationships with peers, customers, vendors and the industry
• Ability to deliver measurable outcomes
• Certified Information Security Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or equivalent experience
• Bachelor’s degree in computer science, business administration, related sciences or equivalent experience
• Ensures alignment with strategic direction
• Influences with impact