Sr. Information Security Architect
- Full Time
The Senior Information Security Architect will be a member of the Business Information Security Officer's (BISO) – Secure Solutions Design team and work closely with the line of business technical and project teams to deliver strategic projects.
The role participates and guides the development of a system architectures and conducts security and business information flow studies. Provides integrated systems reviews and recommends new or different technologies that will enhance current system security and support overall corporate and business goals. Conduct system architecture security studies of new and existing IT systems to ensure systems operate within Bank of America's security policies. Recommends design components to secure the system and align with Global Information Security policies and risk tolerance. Interfaces with vendors, consultants, and senior technologists to support the business indicatives and goals.
Serves as a fully seasoned/proficient technical security resource; accountability is for technical and security knowledge and capabilities as a team member or as an individual contributor. Will not have direct reports but will influence and direct activities of a team related to special initiatives or operations. Typically 7 or more years of Information Security and IT experience
Expertise in creation and review of technical diagrams of infrastructure and data flow diagram using Visio.
Expertise in creation of threat models using STRIDE methodology using Microsoft Threat Modeling Tool or comparable tools.
Domain expertise in virtualization and containers.
Experience with various enterprise technology domains such as cloud (Azure, AWS, GCP), networking, cryptography, and identity and access management.
Capable of creating documentation to articulate the results of the system architecture security studies.
Ability to educate teams on Global Information Security policies and the risks of non–compliance.
Strong communications, writing, and presentation skills
Industry recognized Information Security certifications – CISSP, CISM, CRISC, CISA, CCSP, CCSK or any other well recognized vendor specific certifications
Experience in using other similar threat modeling tools and methodologies.
1st shift (United States of America)
Hours Per Week: