Bank of America
Information Security Transformation Lead – Data Leakage Prevention
Bank of America, Washington, District of Columbia, us, 20022
Information Security Transformation Lead – Data Leakage Prevention
Join to apply for the
Information Security Transformation Lead – Data Leakage Prevention
role at
Bank of America
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. This includes our commitment to a responsible growth culture and an inclusive workplace.
Key Responsibilities:
Own the DLP transformation roadmap for data protection across all channels, aligning with enterprise information security architecture.
Conduct deep technical assessments of DLP and adjacent capabilities, identifying architecture and tooling gaps.
Partner with control owners to develop functional requirements for new capabilities, ensuring threat model alignment.
Architect and guide the delivery of integrated data protection solutions, incorporating DLP tooling, encryption, cloud-native controls, and internet security capabilities.
Develop and maintain threat models for data exfiltration and insider threat scenarios, mapping to frameworks such as MITRE ATT&CK.
Oversee technical design for secure internet traffic inspection, advanced policy enforcement, and automation for faster detection and response.
Ensure transformation efforts meet regulatory, audit, and security policy standards (e.g., NIST 800-53, FFIEC, GDPR, CCPA).
Act as a trusted advisor to GIS, CTO, and enterprise stakeholders on advanced data protection strategies.
Provide clear executive-level reporting on transformation progress, security posture improvements, and program maturity.
Required Qualifications:
Minimum of 7 years of information security expertise in architecture, engineering, and operations, with focus on DLP across endpoint, network, email, cloud, and data at rest.
Proven experience integrating data protection solutions with SIEM, SOAR, CASB, EDR/XDR, IAM, and secure web gateways.
Strong capability in threat modeling and translating results into security architecture changes.
Understanding of regulatory and industry standards for high-risk data in financial services.
Ability to lead technical design reviews and challenge architectural decisions to ensure security-by-design.
Exceptional relationship management and influence skills across complex, global organizations.
Desired Qualifications:
Security certifications such as CISSP, CCSP, CISM, or GIAC.
Automation and scripting skills (Python, PowerShell, etc.).
Experience in AI-assisted anomaly detection for data security.
Background in financial services or similarly regulated industries.
Skills:
Cyber Security • Data Privacy and Protection • Problem Solving • Process Management • Threat Analysis • Access and Identity Management • Business Acumen • Interpret Relevant Laws, Rules, and Regulations • Risk Analytics • Stakeholder Management • Data Governance • Data and Trend Analysis • Incident Management • Information Systems Management • Technology System Assessment
Shift:
1st shift (United States of America)
Hours Per Week:
40
Seniority level:
Mid-Senior level
Employment type:
Full-time
Job function:
Information Technology
Industry:
Banking
#J-18808-Ljbffr
Information Security Transformation Lead – Data Leakage Prevention
role at
Bank of America
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. This includes our commitment to a responsible growth culture and an inclusive workplace.
Key Responsibilities:
Own the DLP transformation roadmap for data protection across all channels, aligning with enterprise information security architecture.
Conduct deep technical assessments of DLP and adjacent capabilities, identifying architecture and tooling gaps.
Partner with control owners to develop functional requirements for new capabilities, ensuring threat model alignment.
Architect and guide the delivery of integrated data protection solutions, incorporating DLP tooling, encryption, cloud-native controls, and internet security capabilities.
Develop and maintain threat models for data exfiltration and insider threat scenarios, mapping to frameworks such as MITRE ATT&CK.
Oversee technical design for secure internet traffic inspection, advanced policy enforcement, and automation for faster detection and response.
Ensure transformation efforts meet regulatory, audit, and security policy standards (e.g., NIST 800-53, FFIEC, GDPR, CCPA).
Act as a trusted advisor to GIS, CTO, and enterprise stakeholders on advanced data protection strategies.
Provide clear executive-level reporting on transformation progress, security posture improvements, and program maturity.
Required Qualifications:
Minimum of 7 years of information security expertise in architecture, engineering, and operations, with focus on DLP across endpoint, network, email, cloud, and data at rest.
Proven experience integrating data protection solutions with SIEM, SOAR, CASB, EDR/XDR, IAM, and secure web gateways.
Strong capability in threat modeling and translating results into security architecture changes.
Understanding of regulatory and industry standards for high-risk data in financial services.
Ability to lead technical design reviews and challenge architectural decisions to ensure security-by-design.
Exceptional relationship management and influence skills across complex, global organizations.
Desired Qualifications:
Security certifications such as CISSP, CCSP, CISM, or GIAC.
Automation and scripting skills (Python, PowerShell, etc.).
Experience in AI-assisted anomaly detection for data security.
Background in financial services or similarly regulated industries.
Skills:
Cyber Security • Data Privacy and Protection • Problem Solving • Process Management • Threat Analysis • Access and Identity Management • Business Acumen • Interpret Relevant Laws, Rules, and Regulations • Risk Analytics • Stakeholder Management • Data Governance • Data and Trend Analysis • Incident Management • Information Systems Management • Technology System Assessment
Shift:
1st shift (United States of America)
Hours Per Week:
40
Seniority level:
Mid-Senior level
Employment type:
Full-time
Job function:
Information Technology
Industry:
Banking
#J-18808-Ljbffr