Vice President, Insider Threat Investigations, Global Information Security,...

Job Description

Bank context : At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us

The Cyber Security Operations (CSO) function within Global Information Security enables the various businesses of Bank of America to conduct operations in a secure, trusted, and safe manner by defending the organization and our customers from cyberattacks. Insider Threat Investigators (ITI) within CSO investigates risks and protects against threats posed to the bank by insiders and works closely with peer teams across the enterprise to ensure comprehensive and proactive controls and monitoring are in place to detect and mitigate insider risks.

Insider Threat Investigator is responsible for conducting data analysis of insider threat auditing and monitoring software resources to detect and identify insider risk activities. In addition, they will be required to complete investigations by analyzing and verifying information through various investigative techniques, internal resources, and conversations/interviews with persons of interest. The role will also require regular collaboration with experts in and out of the team, both in country and in other regions, where excellent communication skills will also be necessary.

• Conduct investigations by analyzing and verifying information through various investigative techniques, internal resources, and conversations/interviews with persons of interest;
• Complete written reports in compliance with current reporting procedures and policies. Must have the ability to write detailed, concise, and accurate reports;
• Ability to manage high risk regional information security incidents by working in conjunction with response partners and other risk teams;
• Utilizing next generation tools and technology to conduct deep behavioral analytics assessments/ investigations with a focus on mitigating information security related insider threats;
• Ability to collect and analyze data from various applications to fulfill an investigation/support request(s)
• Document each stage of the investigation with clear & concise notes
• Effectively pivot communication style & verbiage based on audience (i.e. non-technical)
• Ability to collaborate well with other teams to drive resolution to an investigation, across multiple regions/countries
• Ability to effectively multi-task between several competing efforts
• Maintain an awareness of industry challenges and advancements to add value to enhancing processes & technologies

• 5+ years’ work experience with an insider threat focus or technical background that could be applied to understand key insider risk components
• Curiosity, diversity of thought, critical thinking, willingness to learn, and persistence to identify risk
• Methodical and systematical approach to utilizing technical tools, applications, etc.
• Familiarity with Splunk, ENCASE, CrowdStrike and other similar investigative and/or monitoring tools
• Exceptional written and verbal communication skills to various audiences
• Mindset of curiosity: not afraid to learn new things
• Excellent organizational skills to manage caseload, projects and ad hoc requests
• Experience in conducting complex investigations with an Insider Threat emphasis
• Knowledge in how to conduct computer forensics
• Familiarity with participating/driving incident response events

• An understanding of human behavior / human psychology or investigative background
• Technical experience with information security / data loss prevention tools or controls such as Intrusion Detection & Prevention technologies (IDS/IPS) and/or SIEM systems and other data correlation engines.
• Extensive experience in Splunk, ENCASE, CrowdStrike and other similar investigative and/or monitoring tools
• Certifications - Security+, Network+, CEH, CISSP, CCNA, CCNP, EnCE other cyber security related certifications
• Familiarity with sleuthing in OSINT
• Familiarity with working in cloud
• Networking/System administration experience
• Experience in scripting languages for databases
• Bachelor’s in computer science or related fields