Assistant Vice President / Vice President, Info Security Incident Mgmt Specialist, Global Information Security
Bank of America
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Cyber Incident Response and Management (CIRM) is part of the Global Information Security (GIS) Response and Recovery (R&R) Global Team. The role of the Incident Manager is to coordinate the response and recovery activities from information security incidents. This includes collaboration with appropriate response partners, assisting with determining the root cause of incidents and working with stakeholders and responsible parties to contain the incident and remediate any identified control gaps or failures. An Incident Manager should escalate issues to management in a timely manner with appropriate information regarding severity, exposure, and action items. This role requires critical thinking and an investigative mindset, coupled with effective written and verbal communication skills.
Responsibilities:
- Establish oversight of information security events and incidents and communicate analysis, containment and remediation efforts to all business partners.
- Incident response and recovery plans will be available to use and should be maintained by the team. Any issues that require management escalation are expected to be escalated in a timely manner, including all appropriate information in relation to risk and action times.
- The Incident Manager will be expected to provide status updates and post-incident reports for executives and stakeholders in non-technical terms encompassing risk, impact, likelihood, containment and remediation activities and threat actors.
- Risk management, including briefing and recommending actions to executive leadership within Global Information Security and other business partners on events and incidents.
- The incident manager will be part of a global 24/7 rotation and there is a requirement to work 8-10 weekends per year on an on-call basis as a primary contact and 8-10 weekends as a secondary contact. There will also be a requirement to cover the majority of US holidays.
Required Skills:
- 2+ years of experience in an operations-focused Information Security role.
- Experienced in conducting analysis, investigation and containment of potential data breaches or cybersecurity incidents.
- Possess strong analytical, tactical and critical thinking ability, alongside an investigative mindset.
- Ability to lead technical bridge lines to determine the root cause and execute effective containment solutions to cybersecurity incidents.
- Excellent verbal and written communication skills to effectively convey technical information to both technical and non-technical stakeholders, across all levels of a global Financial Institution.
- Proficient in writing detailed incident reports/summaries, response procedures, and post-incident analysis for reporting and improvement purposes.
- Ability to handle multiple competing priorities in a fast-paced environment.
- Familiarity with security vulnerabilities, exploits, malware and digital forensics as they relate to Incident Response.
- Demonstrated ability to identify and implement process improvements within the Incident Response framework to enhance efficiency and effectiveness.
- Security+ or equivalent certification required within 6 months of employment.
- Working Hours: 8:30 AM to 4:30 PM SGT (during Daylight Savings Time) or 9:00 AM to 5:00 PM SGT (during non-Daylight Savings Time); on-call rotation required (for certain weekends and other regions’ public holidays).
Desired Skills:
- Familiarity with NIST CSF, NIST IR Lifecycle, and NIST NICE.
- Familiarity with MITRE ATT&CK and Cyber Kill Chain.
- Prior experience in technical roles tangentially related to Incident Response, such as Malware Analysis and Digital Forensics, is desirable.
- Advanced certifications related to Incident Response, such as Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), or Certified Information Security Manager (CISM), are desirable.
- College Degree (B.S., M.S.) in Digital Forensics, Computer Science, Information Security or a related field.