Information Security Mainframe Security Engineering Team Manager

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. Were devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:
This job is responsible for leading a key function driving enterprise-wide information security policies, procedures, and standards in support the policy governance lifecycle. Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to establish and maintain policies. Job expectations include providing oversight and alignment of processes, and, controls to requirements, identifying gaps in coverage, and, reporting on adherence to the Information Security Policy.

LOB Overview:

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the banks Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements

Role Description:

The Mainframe Security Engineering team manager directs and controls the activities of security engineers in the development, implementation, communication, monitoring and maintenance of the information security policies and procedures. This role is responsible for the development and implementation of security standards, procedures, and guidelines. This individual provides state of the art technical expertise and support to client, IT management, and staff in assessing risk and the implementation of appropriate security procedures and products. Oversees execution of security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols and effectively communicate these risks and all other types of risk to management and key stakeholders.

• Responsible for overall aspects of securing the Bank's Mainframe environments with the goal of eliminating risks in these operational environments.

• Drives remediation of findings identified from security assessments and coaches other teammates remediation best practices.

• Proposes and leads forward thinking solutions; builds reusable secure-by-design frameworks (e.g., input validation, output encoding, logging, authorization).

• Oversees security engineering and operational teams and providing necessary service & support to run the Mainframe security platforms.

• Works day-to-day on incidents primarily by providing direction to team members and aligned stakeholders,

• Ensures compliance with Change Management, Incident Management, and Problem management for various security technologies such as RACF, ACF2, DB2, CICS, Storage, zOS, zOS Network & Security and zOS Performance.

• Partners with vendors on major projects, software upgrades, BAU tasks, and meeting SLAs.

• Acts as a key resource and spokesperson with risk partners during assessments, examinations and audits.

• Drives Mainframe Modernization and work in close partnership with the CTO Mainframe team to provide SME security leadership.

• Directs technology team within the Access Management Monitoring and Controls organization to research, engineer, develop, implement, communicate, monitor, and maintain the information security (authentication, perimeter security, security & compliance tools, etc), & directory technology systems (software & hardware) and security policies / procedures.

• Utilizes in-depth technical / project knowledge and business requirements to design / direct secure solutions to meet customer / client needs while protecting the Bank's assets. Serves as organization spokesperson with other technology or business groups. Exercises independent judgment in directing staff to achieve results. Works independently with directions / goals from the Information Security Technology Executive. Typically 7-10 years of experience, including people management responsibility.

• Provides technical expertise throughout the software lifecycle including design, implementation and delivery.

• Leverage expertise Advanced experience with web application development, database, unix/linux environments, distributed and parallel systems, information retrieval, networking, large scale software development, security software development to execute large and small projects aimed at growing our business and/or evolving the Banks security posture

Role Qualifications- Required Skills:

• 10 Years of experience in RACF, ACF2 and zOS systems

• 10 Years of working knowledge of Mainframe infrastructure and related concepts

• 5 years of experience managing vendor relationships

• In-depth understanding of security integration points of z/OS, DB/2, IMS, CICS and other mainframe subsystems and how they are defined and managed with ACF2/RACF security servers.

• Extensive experience with Audit processes, action planning, evidence tracking and interaction with risk partners

• Understanding cloud , virtualization, APIs, and modern software languages

Desired Skills:

• Strong technical background and ability to learn new technologies quickly

• Ability to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization

• Ability to work independently on initiatives with little oversight. Motivated and willing to learn.

• Strong analytical skills / problem solving / conceptual thinking

• Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding

• Strong leadership skills and qualities which enable you to work with peers and various levels of managements

• Excellent interpersonal and communication skills

Enterprise Job Description: This job is responsible for leading a key function driving enterprise-wide information security policies, procedures, and standards in support the policy governance lifecycle. Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to establish and maintain policies. Job expectations include providing oversight and alignment of processes, and, controls to requirements, identifying gaps in coverage, and, reporting on adherence to the Information Security Policy.

Shift:

Hours Per Week: