Bank of America - Chicago, IL
posted 25 days ago
Full-time - Mid Level
Chicago, IL
Credit Intermediation and Related Activities
About the position
The Third Party Cyber Assurance (TPCA) Assessor at Bank of America is responsible for conducting comprehensive assessments of information security for third-party vendors. This role involves evaluating compliance with industry standards and corporate regulations, managing relationships with various stakeholders, and communicating assessment findings to senior leadership. The TPCA Assessor plays a critical role in ensuring that third-party vendors meet Bank of America's security requirements and helps mitigate risks associated with vendor relationships.
Responsibilities
- Evaluate a 3rd Party's information security risk to determine compliance with Bank of America requirements.
- Partner with 3rd Parties to prepare for assessments and clarify evidence requirements.
- Identify and escalate risks affecting 3rd Party information security policies and standards.
- Manage and maintain positive relationships with internal and external teams, including the Third Party Assessment Team and Business Information Security Officers.
- Support audit, compliance, or regulatory requests with timely responses.
Requirements
- Ability to objectively assess information from various sources and synthesize it for technical judgment.
- Previous experience in information technology/security audit or assessment is preferred.
- Technical skills in information security and business continuity, including Infrastructure Security, Access Management, and Application Security.
- Knowledge of IT Compliance, SOX Compliance, and Change Management.
- Solid understanding of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards.
- Ability to review endpoint protection and cloud implementation controls.
- Strong communication skills to interact with technology and business partners effectively.
- Excellent technical writing and verbal communication skills in English.
- Strong organizational and administrative skills to coordinate multiple assessments.
- Naturally inquisitive and eager to learn.
Nice-to-haves
- Information Security certifications such as ISO27002, CISSP, CEH, CISM, or CISA.
- Knowledge of NIST guidelines.
Benefits
- Health insurance
- Dental insurance
- 401k plan
- Paid holidays
- Professional development opportunities
- Flexible scheduling
