Sr. Information Security Officer - Generative Artificial Intelligence Chicago, Illinois;Jersey City, New Jersey; Charlotte, North Carolina; Denver, Colorado **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Chicago/Sr-Information-Security-Officer---Generative-Artificial-Intelligence\_25035789) **Job Description:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Sr. Information Security Officer - Gen AI will be a member of the Business Information Security Office (BISO) residing within the Global Information Security (GIS) organization. In this role you will work closely with the line of business, their Chief Operating Officer (COO) and supporting technology teams from the Chief Information Officer (CIO)/Chief Technology Officer (CTO). This job is responsible for partnering with senior leaders to balance the needs of the business while ensuring information security risk are appropriately identified and managed to mitigate risk to the organization and drive uncompromising cyber security protection. The role will also support a group/team to develop a deep understanding of the business to lead specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities and enable you to provide guidance on information security topics, policies, and controls. Job expectations include acting as an integrated business partner with cross-functional senior leaders to provide blended security and business expertise to ensure appropriate business management of information security risks. This position will be integral to activities establishing and maintaining a strong security posture with respect to Generative Artificial Intelligence (AI) applications and workloads both internal and external to Bank of America. **Key Responsibilities in order of criticality:** • Leads cybersecurity risk assessments of Generative AI use cases, including assessment of the inherent risk and control effectiveness • Guides business leaders and technology organizations on initiatives requiring Global Information Security engagement and/or manage problem resolution on cyber security related issues • Serves as a common risk control partner to identify emerging security risks in the portfolio • Drives adherence and appropriate risk tolerance levels, operating in accordance with the information security policies defined to protect against threats to data confidentiality, integrity, and availability • Promotes awareness of current and emerging cybersecurity threats and advise on potential information security exposure • Facilitates risk reviews across logical and physical boundaries to identify gaps and recommend secure designs • Interprets the information security requirements outlined in policy, standards and procedures as well as reinforces requirements through education and awareness • Leads as a "security ambassador" to help business leaders drive strategic and innovative risk mitigation priorities and navigate the Global Information Security organization **Required Qualifications:** • 8+ years of experience in cybersecurity, with at least 2 years focused on cyber assessment of Artificial Intelligence or Machine Learning systems • A deep understanding of Generative AI/Large Language Models and assessment frameworks including MITRE ATLAS, OWASP Top 10 for LLM and GenAI, and NIST AI RMF • In-depth knowledge of cybersecurity threats, controls and technologies, with a deep understanding/experience with software developer experiences to bridge the gap between the theoretical and practical application • Ability to apply knowledge of internal and external information vulnerabilities to evaluate the degree of threat to an information system and answer tactical questions about current operations, predict future behavior or recommend appropriate mitigation countermeasures • Ability to manage and design controls that may contribute to a remediation plan developed to address policy, technology, environmental, and/or operational gaps • Ability to bring multiple stakeholders together, including senior business and technology leaders, and cut to the heart of issues to reach consensus • Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input, and when to act independently • Bias for action and a commitment to build partnerships in a dynamic risk & threat driven environment • Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties • Ability to identify, measure, monitor, and control risk as part of daily business activities, with a focus on specific risk types (e.g., Strategic, Credit, Market, Liquidity, Operational, Compliance, Reputational) • Ability to design, architect, analyze, support, and secure cloud-based workloads • Excellent communication, influencing and facilitation skills **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. To view the "Know your Rights" poster, CLICK HERE (https://www.eeoc.gov/sites/default/files/2023-06/22-088\_EEOC\_KnowYourRights6.12.pdf) . View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) . Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank’s required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.