Information Security Transformation Lead – Data Leakage Prevention Chicago, Illinois;Charlotte, North Carolina **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Chicago/Information-Security-Transformation-Lead---Data-Leakage-Prevention\_25037338) **Job Description:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! **Job Description:** The Information Security Transformation Lead willdrivethe design, integration, and execution of enterprise-wide transformation initiatives to strengthen data protection and data security capabilities within the Data Loss Prevention (DLP) organization. The role spans all DLP channels — endpoint, network, cloud, email, internet, and data at rest — ensuring the program evolves to meet advanced threats, regulatory requirements, and strategic business needs. This highly technical position demands deep expertise in information security architecture, engineering, and threat detection with a proven track record in implementing modern, scalable, and secure data protection capabilities. The Transformation Lead serves as the strategic and technical lead for DLP transformation, ensuring the DLP organization delivers best-in-class data protection capabilities across all channels. Key Responsibilities + Own the DLP transformation roadmap for data protection and data security across all channels, aligning with enterprise information security architecture and DLP strategy. + Conduct deep technical assessments of DLP and adjacent security capabilities, identifying architecture, tooling, and process gaps. + Partner with control owners to develop functional and non-functional requirements for new capabilities, ensuring alignment to threat models and compliance requirements. + Architect and guide the delivery of integrated data protection solutions, incorporating DLP tooling, encryption, cloud-native controls, and internet security capabilities. + Develop and maintain threat models for data exfiltration and insider threat scenarios, mapping to frameworks such as MITRE ATT&CK. + Oversee technical design for secure internet traffic inspection, advanced policy enforcement, and automation for faster detection and response. + Ensure all transformation efforts meet regulatory, audit, and security policy standards (e.g., NIST 800-53, FFIEC, GDPR, CCPA). + Act as a trusted advisor to GIS, CTO, and enterprise stakeholders on advanced data protection strategies and engineering practices. + Provide clear executive-level reporting on transformation progress, security posture improvements, and program maturity. Required Qualifications + Minimum of 7 years of information security expertise in architecture, engineering, and operations, with focus areas in: + DLP across endpoint, network, email, cloud, and data at rest + Internet protocols, proxy and gateway security, firewall policy design + Cloud security architectures and SaaS data protection + Encryption, key management, and secure data handling + Proven experience integrating data protection solutions with SIEM, SOAR, CASB, EDR/XDR, IAM, and secure web gateways. + Strong capability in threat modeling and translating results into security architecture changes. + Understanding of regulatory and industry standards for high-risk data in financial services and other regulated environments. + Ability to lead technical design reviews and challenge architectural decisions to ensure security-by-design. + Exceptional relationship management and influence skills across complex, global organizations. Desired Qualifications + Security certifications such as CISSP, CCSP, CISM, or GIAC. + Automation and scripting skills (Python, PowerShell, etc.). + Experience in AI-assisted anomaly detection for data security. + Background in financial services or similarly regulated industries. **Skills:** + Cyber Security + Data Privacy and Protection + Problem Solving + Process Management + Threat Analysis + Access and Identity Management + Business Acumen + Interpret Relevant Laws, Rules, and Regulations + Risk Analytics + Stakeholder Management + Data Governance + Data and Trend Analysis + Incident Management + Information Systems Management + Technology System Assessment **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. To view the "Know your Rights" poster, CLICK HERE (https://www.eeoc.gov/sites/default/files/2023-06/22-088\_EEOC\_KnowYourRights6.12.pdf) . View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) . Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank’s required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.