Global Information Security Regulatory Management Specialist

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates’ physical, emotional, and financial wellness through affordable, competitive and flexible benefits.

We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve.

Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Policy Regulatory Management Specialist represents Global Information Security (GIS) while working with Compliance, Risk, Legal, FLU's and Enterprise functions, consulting on all regulations with Global Information Security applicability. Expected to read published laws rules regulations and guidance’s (LRRGs), understand how they apply to GIS and map them to GIS policy. Maintain the inventory of LRRGs and mappings in the system of record and update the mappings as needed when policy language changes. Must be able to assess regulatory requirements against GIS policy, controls and assessment proof points. Drive action plans to address any regulatory gaps and ensure accurate risk and compliance reporting. Will work closely with subject matter experts including GIS Policy, Risk, Audit, Lines of Business, Legal, Compliance and external regulators as needed.

Responsibilities

• Ensure Laws, Rules, Regulations, and Guides (LRRGs) within the GIS inventory are effectively mapped to GIS policies, with any gaps identified, validated, and remediated to maintain full coverage of regulatory requirements, industry standards, and best practices. Conduct impact assessments for GIS policy changes (including standards and baselines) to ensure continued alignment with LRRGs, and evaluate Policy Exception Types to prevent unintended policy violations.
• Maintain accurate LRRG-to-policy mappings within the system of record through consistent BAU and QA routines, and deliver routine reporting on the regulatory landscape and key metrics. Sustain up-to-date process documentation and playbooks to enable operational consistency and efficiency.
• Apply strong analytical thinking and collaboration to continuously enhance the GIS Policy Governance ecosystem. Leverage technical and business expertise to ensure policy language gaps are addressed with aligned controls. Operate as a results-driven, business-focused partner, effectively engaging across organizational levels while demonstrating knowledge of information security practices, including governance, design, implementation, and oversight of security solutions.

Required Qualifications

• 5 years of experience operating within an information security environment.
• Ability to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization
• Strong critical thinking/analytical skills/problem solving/conceptual thinking
• Highly effective written and verbal communication skills.
• Microsoft Office Proficient (Excel, Word, Outlook, Visio, PowerPoint, etc.)
• Ability to communicate complex information in simple terms (oral and written)
• Strong organization skills with the ability to prioritize requests and workload accordingly
• Strong analysis and fact-based decision-making
• Strong leadership skills and qualities which enable you to work with peers and various levels of management
• Proven ability of risk oriented approach and Strong risk management acumen.
• Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
• Ability to work independently on initiatives with little oversight.
• Motivated and willing to learn.
• Quick learner and self-starter

Desired Qualifications

• Bachelor's degree in Information Technology or related field
• Prior Governance, Compliance, and or Audit experience desired.
• Broad awareness of information security operations and/or enterprise information technology (Enterprise data management, application development, network management).
• Familiarity with independent audit, assessment, QA/QC functions desired.
• Leadership competency in geographically diverse matrixed environment.
• Must be comfortable communicating technology impacts and risk to various levels of executive management understanding the need to tailor and deliver appropriate content for given audience.
• Ability to work with Technical and Non-Technical business owners
• Experience with Project Management or working with Project Managers

Skills:

• Customer and Client Focus
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Acumen
• Controls Management
• Innovative Thinking
• Process Management
• Stakeholder Management
• Business Process Analysis
• Data Governance
• Data Privacy and Protection
• Data and Trend Analysis
• Risk Analytics

Shift:

1st shift (United States of America)

Hours Per Week:

40