Sr. Cloud Security Controls Governance Manager

About the position

The Cloud Security Controls Governance Manager at Bank of America is responsible for implementing, managing, and governing security controls across multi-cloud environments, particularly focusing on Azure and AWS platforms. This role emphasizes the protection of organizational data and systems, requiring deep expertise in cloud security and architecture principles. The manager will oversee a team and collaborate with various departments to ensure the security of cloud-based applications and infrastructure, while also promoting a security-first culture within the organization.

Responsibilities

• Manages a team responsible for executing the cloud security reviews for bank managed cloud environments
• Provides oversight of internal and external stakeholder relationships, including Line of Business delegates and regulators, to mitigate and remediate information security risks
• Ensures Information Technology systems meet enterprise standards, adhere to applicable rules, laws, and regulations, and comply with appropriate treatment of risk
• Works with leaders to identify information security policy impacts to front line units
• Develop and implement security controls for cloud infrastructure (IaaS, PaaS, SaaS) based on industry best practices, compliance requirements, and bank security policies
• Ensure appropriate security measures are in place to protect against threats, vulnerabilities, and breaches in Azure and AWS environments
• Develop and maintain documentation for cloud security controls, policies, and procedures
• Monitor and evaluate the effectiveness of existing cloud security controls and recommend enhancements
• Conduct regular security assessments and audits of cloud environments to identify and mitigate potential security threats and vulnerabilities in cloud environments
• Participate in internal and external audits to demonstrate compliance with cloud security requirements
• Provide guidance and training to stakeholders on cloud security best practices and the implementation of security controls
• Act as a liaison between the security team and other departments to promote a security-first culture
• Collaborate with DevOps, IT, and business teams to integrate security controls into cloud deployments and CI/CD pipelines
• Stay current with emerging cloud security trends, technologies, and best practices
• Continuously improve security controls and processes to enhance the organization's security posture.

Requirements

• In-depth understanding of cloud security principles, best practices for Azure and AWS platforms, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks
• Experience building and implementing Infrastructure as Code and/or Policy as Code governance strategies
• Experience conducting security assessments, risk analyses, and developing security concepts
• Hands-on experience with cloud security tools and technologies such as AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and/or Wiz
• Extensive knowledge of security tools and technologies such as SIEM, IDS/IPS, DLP, firewalls, PKI, and identity management and how they work in cloud environments
• Experience with cloud and containerized technologies, AKS, EKS, ECS, serverless, Kubernetes and Docker
• Extensive knowledge of public cloud service providers and the threats to workloads within those environments
• Currently hold active AWS Security Specialty or Azure AZ-500 certification

Nice-to-haves

• Master's degree in Information Systems or Computer Science and/or equivalent combination of education and work experience within the domain areas of Cloud Security
• Relevant industry certifications such as ISC2 and SANS GIAC are highly desirable
• Strong communication and interpersonal skills to work effectively with cross-functional teams
• Ability to manage multiple projects and priorities in a fast-paced environment
• Bachelor's degree in Information Systems or Computer Science and/or equivalent combination of education and work experience within the domain areas of Cloud Security

Benefits

• Industry-leading benefits
• Access to paid time off
• Resources and support for employees to make a genuine impact
• Contribute to the sustainable growth of the business and communities served