Privileged Access Management (PAM) Sr. Specialist

Job Description: At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities, and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Responsibilities This role reports directly to the Technology Executive for Authentication, Privilege Access Management Service, and Cloud IAM. It is primarily responsible for ensuring relevant Privileged Access Controls are adequately enforced across platforms and applications to comply with IAM Standard. Partner with PAM Governance leads to ensure Privileged Access Controls are appropriately measured, reported, and governed. Assess Privileged Access risk in business and technology decisions, demonstrating risk management practices to safeguard BAC's reputation, clients, and assets by ensuring compliance with laws, rules, and regulations, and adhering to BAC policies and standards. Monitor industry information security and PAM trends, engaging peer organizations to refine BAC's PAM strategy. Apply industry PAM best practices, templates, and documentation, and propose improvements based on practical knowledge. Provide Active Directory security best practices and consultation to cross-functional teams, ensuring compliance with IAM standards and better protection of privileged accounts against cyberattacks. Develop new PAM requirements and cloud-based security solutions, governing cloud identities. Establish and maintain partnerships with other GIS functions, CTI, CST, Third Party management, CGOR, internal audit, and regulatory agencies. Influence technology and PAM tools owners to build and implement enhanced PAM solutions that are efficient, effective, and modern, reducing material risks sustainably. Collaborate with stakeholders to develop PAM requirements supporting long-term modernization and transformation (covering Process, Data, and Technology). Engage with Product Managers and Senior Architects to understand the strategic PAM technology roadmap, which guides the need for modernized security principles. Consult with the business to identify gaps and governance issues, leveraging domain expertise to find effective solutions. Clearly communicate reasons and methods behind proposed changes through educational materials for others. Provide education to team members and technology partners regarding proposed changes. Partner with the policy governance team for socialization and publication of proposed changes to the PAM Standard. Take accountability for addressing PAM risks, proactively identifying risks, and continuously improving BAC's PAM controls. Implement solutions and drive towards outcomes. Engage senior management to provide transparent, factual, and timely reports on PAM or information security risks. Participate actively in GIS IAM/PAM forums, including Monthly IAM Stakeholder Forum and Control Owner Forum, for standard and SPI enhancements. Support audit issues for closure and sustainability. Required Qualifications: Extensive knowledge of PAM-specific laws, rules, and regulations within financial services. Understanding and applying BAC's information security policies, standards, procedures, and guides in PAM decisions and responses. Serve as Subject Matter Expert advising on compliance. Proficient in implementing and governing risk and role-based access controls. Extensive experience managing Active Directory to enforce privileged access controls. Ability to influence cloud technology owners to develop secure processes. Strong risk management mindset, proactively mitigating PAM risks. Familiarity with standards such as NIST, ISO/EC, FFIEC. CISSP certification is an advantage. Expertise in PAM methodologies and techniques for on-prem and cloud environments. Knowledge of PAM tools supporting session proxy, vaulting, just-in-time provisioning, and integration with service management tools is advantageous. 10 years of hands-on PAM experience, with at least 5 years in management. Deep security knowledge covering core technology infrastructure, identity management, and application security. Experience with Linux, Windows, Cloud Identity, SSO, MFA, and PAM service design and architecture. Expertise in authentication platforms such as Active Directory, LDAP, Kerberos, Radius. Knowledge of federation protocols like OAuth, OpenID, SAML, WS-Fed. Desired Qualifications Experience with IAM platforms like Ping Identity, OpenLDAP, OpenDJ. Proficiency with Web Service APIs (JSON/XML). Hands-on experience with AWS, Azure, GCP, or other Cloud Technologies. Ability to articulate data-driven plans and collaborate with stakeholders to implement risk reduction solutions. Strong attention to detail, analytical skills, and excellent communication and organizational skills. Experience in large, complex projects and data management. Ability to motivate teams, influence stakeholders, and work independently. Knowledge of bank financial practices, policies, and compliance certifications like SOX, SOC, SOC2. This job will be open for at least seven days from posting. Shift: 1st shift (United States of America) Hours Per Week: 40 Pay Transparency details Pay range: $137,300.00 - $190,100.00 annually, based on experience and skills. Eligible for discretionary incentives and benefits. #J-18808-Ljbffr