Senior Threat Evaluation Analyst - Cyber Threat Evaluation and Prevention (CTEP)

Denver, Colorado;Washington, District of Columbia; Chicago, Illinois

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

The Global Information Security organization (GIS) at Bank of America protects bank information systems, confidential and proprietary data, and customer information. The Cyber Threat Evaluation and Prevention Team (CTEP) assesses threats and emerging risks, evaluates cyber security controls, and defines observations to remediate risks.

The Senior Threat Evaluation Analyst plays an essential role in the Cyber Threat Defense Framework. The CTEP Senior Evaluation Analyst conducts evaluations of threats and incidents and identifies opportunities for process and control enhancements. They act as a mentor and cybersecurity subject matter expert, assisting peers and colleagues in conducting evaluations. They are a leader, capable influencer, comfortable operating in ambiguity, and laser-focused on delivering value for the organization. They are capable of driving initiatives and teams, maximizing value delivery and collaboration. They support the organization in understanding the threat environment to identify the bank’s risk of exposure through the identification of root cause (where applicable) and learnings from individual threats to improve how the bank defends against the threat, in collaboration with other GIS control functions. The senior analyst conducts evaluations by engaging with subject matter experts, control owners, and executives, conducting independent research and comprehensively documenting areas of exposure in the Bank’s defensive posture. Generally requires 8-10 years of experience.

The Cyber Threat Evaluation and Prevention Program:

• Analyzes threats and incidents to the bank.

• Identifies gaps to be remediated by process and control owners.

• Evaluates and influences the improvement of Bank of America’s risk and control environment for cyber security threats and emerging risks.

Within CTEP, the Evaluation team:

• Analyzes threats and incidents sourced from GIS partner teams to identify and triage process and control weaknesses in context of risks arising from the threat.

• Documents defensive posture, process and control weaknesses, and overall risk of each threat.

• Reviews threats/incidents holistically to identify broad themes and strategic issues, enabling GIS to protect against cyber threats effectively and proactively.

Required Skills:

• Proven formal or informal leadership and influencing capability in a technology-related field.

• Knowledge of Cyber Industry Frameworks (e.g., NIST CSF, MITRE ATT&CK, CRI Profile).

• Strategic thinking AND attention to detail – ability to think “like a threat actor.”

• Strong technical writing capabilities; writing technical content in a broadly consumable format.

• Proficient computer/analytics skills – esp. Jira, Excel, Word, Power Point, Alteryx, etc.

• General understanding of bank policies, specific to data and privacy, third parties, incident management, vulnerability management, etc.

Desired skills:

• Deep operational knowledge of information security, IT infrastructure, and risk management.

• Broad experience in multiple cybersecurity domains (e.g. IAM, network defense, risk management, etc.)

• People leadership acumen and a strategic mindset to enable positive change.

• Background in investigations and/or intelligence collection, analysis, and reporting.

• Ability to prioritize and manage time effectively and work independently with minimal direction.

• Experience responding to and managing security incidents and events.

• Experience creating, executing, and documenting assessments and etc..

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

1st shift (United States of America)

Hours Per Week:

40

Pay Transparency details

US - CO - Denver - 1144 15th St (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842)

Pay and benefits information

Pay range

$137,300.00 - $190,100.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .

To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .

View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) .

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America’s Drug-free Workplace and Alcohol Policy, CLICK HERE .

This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.