Pre Assessment Risk Analyst

Job Description: At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: The Third Party Cyber Assurance (TPCA) function within Global Information Security is responsible for oversight of third party security programs, including assessing third party security programs and maximizing protections for all aspects of security for the third party landscape. The TPCA Pre Assessment Risk Analyst team member will assist in assessment scope determination, meeting with Enterprise Vendor Managers and Third Party Subject Matter Experts (SME’s) to prepare them for the assessment, documentation collection (e.g. TruSight or vendor provided policies/procedures) and preparation of assessment work-papers. Your primary responsibility will be to ensure each third party is prepared for the assessment and gather an understanding of the third party security risk environment. You will interact regularly with Enterprise Vendor Managers and Third Parties and act as single point of contact to prepare the Third Party for the assessment and while answering detailed risk questions. You will engage with the Third Parties security team to understand their control environment, control strength, and review information security policies/procedures for completeness. Based upon your meetings, you will populate the assessment workpapers with detailed information for the third party assessors to document gaps and determine remediation approaches. Required Qualifications • 1 year of experience in Information Security or Risk Management • Outstanding verbal and written communication skills • Ambitious, disciplined, hardworking, resilient and willing to learn • Risk management focused with a passion for excellence and positive team attitude • Ability to think logically • Highly organized and project management skills • Strong time management skills Desired Qualifications • Bachelor's degree in Information Technology, Information Security or related field • Strong analytical skills/problem solving/conceptual thinking • Ability to work with technical and non-technical business owners • Optional Certifications: CISSP (ISC2), CISA, CRISC, CISM (ISACA), CCIE (Cisco), TOGAF, CCTA (McAfee), CCFP (ISC2). Skills: • Critical Thinking • Data Privacy and Protection • Information Systems Management • Problem Solving • Technology System Assessment • Business Continuity Management • Customer and Client Focus • Cyber Security • Oral Communications • Solution Delivery Process • Access and Identity Management • Architecture • Consulting • Encryption • Vendor Management Shift:1st shift (United States of America) Hours Per Week:40