Cyber Technology Compliance and Operational Risk Specialist

Bank of America

Job Description:

The responsibilities within this role may include oversight of Cyber Technology material projects to proactively identify risks, perform governance, review and oversight of high-risk issues and risk-identified issues, and/or to produce and socialize 2nd line points of view based on deeply technical reviews and challenges. The Compliance and Operational Risk (C&OR) Specialist assists the C&OR officer team in activities to contribute to the independent compliance and operational risk oversight of Front Line Unit or Control Function (FLU/CF) performance and any related third party/vendor relationships in alignment with the Global Compliance -- Enterprise Policy, the Operational Risk Management -- Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management (CORM) Program and Standard Operating Procedures (SOPs).


  • Ability to identify, analyze and address risk that could negatively impact the organization
  • Strong analytical skills, including the ability to explain and make actionable conclusions 
  • Draw and support unbiased, independent conclusions based on policies and standards in the face of challenge
  • Work independently and manage workload and deliverables with little direct supervision for extended periods. 
  • Strong relationship management experience/skills including the ability to interact, communicate and influence equally well within all levels of the Company
  • Navigate a highly complex organization and operate effectively in a quickly changing environment

Desired Skills and Experience:

  • 3-5 years of experience in Information Security and/or related technology field 
  • 1+ year project management experience/exposure
  • Cyber Security Operations understanding and familiarity with common Information Security and data protection frameworks and standards (e.g. CIS, NIST, MITRE)
  • Experience in evaluating, recommending, and implementing new and emerging security products and technologies 
  • Experience with large on-prem or hybrid-cloud solutions
  • Familiarity with key differences between popular cloud provider solutions and cloud orchestration tools (e.g. Azure, AWS, GCP, Pivotal Cloud Foundry, BOSH, Kubernetes, Docker, etc.)
  • Cloud authentication, encryption, key management, and access management understanding.
  • Experience engaging on complex audits and collaborating with senior leadership across the organization to manage identified risk.
  • Experience extracting useful information from large data sets and presenting information for Executive reporting

The C&OR Specialist assists in engaging other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role assists in developing and maintaining a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Specialist assists in preparing materials for C&OR regulatory exams/audits/inquiries and may assist with preparation for FLU/CF regulatory exams/audits/inquiries.

The C&OR Specialist is accountable for assisting the C&OR Team in the proactive identification, escalation and timely mitigation of compliance and operational risks through the execution of some or all of the following activities:

  • Assists in the development of independent risk management reporting for respective area(s) of coverage as input into governance and management routines
  • Contributes to the oversight of FLU/CF training which may include content development and/or tracking and communication of employee completion rates
  • Assists with the development and maintenance of C&OR owned policies and standards and/or the oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
  • Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintains a comprehensive regulatory inventory; may support communication of regulatory changes to the FLU/CF and ensuring that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements
  • Assists in identifying, aggregating, reporting, escalating, inspecting and challenging remediation plans, and performing thematic analysis on FLU/CF-owned issues and control enhancements
  • Assists in remediating C&OR “owned” issues and control enhancements
  • Contributes to risk coverage plan development, executes independent risk monitoring, testing, and risk assessments, and communicates results
  • Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
  • Supports the review and challenge of internal and external operational loss events, including development of remediation plans to strengthen controls
  • Assists with the development of risk metrics, monitors related performance and breach remediation


1st shift (United States of America)

Hours Per Week: 


Confirmed 18 hours ago. Posted 30+ days ago.
