Cyber Vulnerability Identification QC; Quality Control Analyst

Cyber Vulnerability Identification QC (Quality Control) Analyst

Join to apply for the Cyber Vulnerability Identification QC (Quality Control) Analyst role at Bank of America
.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. We are committed to an in‑office culture with specific requirements for office‑based attendance and flexibility based on role‑specific considerations.

This position will be a member of the GIS Vulnerability Identification Assurance (VIA) Vulnerability Identification QC (Quality Control) team. In this role, you will help implement, manage, and monitor the effectiveness of infrastructure vulnerability identification efforts to protect the confidentiality, integrity, and availability of the line of businesses’ information assets, primarily developing and implementing enhanced QC routines for remediation validation. You will analyze, improve, implement, and execute security controls proactively to prevent external threat actors from infiltrating company information or systems.

This role is responsible for establishing processes and controls to monitor CVE‑based vulnerabilities and associated risk on technology where we do not have GIS tools for automated scanning. You will work with stakeholders, Product Owners and Software Engineers to aid in the implementation of data requirements, analyze QC performance, conduct QC related research and troubleshoot any issues.

• Analyze findings from vulnerability reporting work streams, performing targeted QC on the vulnerabilities reported and QC around scope of inventory assessed.
• Review current vulnerability detection processes for ways to streamline and improve efficiency.
• Respond to requests from stakeholders for investigation of potential technology‑based identification reporting issues.
• Perform incidental duties and special assignments as needed.
• Lead effective and sustainable activities associated with required VAI QC’s technology‑based identification P2 closures evaluations.
• Support the expansion of technology‑based identification activity for GIS.
• Support the expansion of QC to cover workstation and ATM vulnerabilities, which are fed from non‑GIS teams today.

• 3–5+ years of experience in information security and/or data management roles.
• 3–5+ years of experience with vulnerability management and/or assessment.
• Experience with CVE vulnerability analytics and CVE‑based vulnerability identification and risk analysis.
• Strong experience explaining analytics in plain English and communicating associated risk to business lines.
• Ability to see the larger picture across teams and build consensus to drive results.
• Demonstrated ability to work independently with minimal supervision to achieve assigned goals.
• Ability to review and analyze QC data to determine overall risk.
• Broad technical background utilizing security technologies such as server and workstation OS, network security, vulnerability scanning engines, compliance management solutions.
• Strong PC skills including Microsoft Office applications.

• Bachelor’s or Master’s degree in Computer Science, Information Technology or related field.
• Strong analytical, problem‑solving and conceptual thinking skills.
• Excellent communication skills, conveying technical concepts to non‑technical stakeholders.
• Experience with internal efficiencies projects and development.

This position will be open for applications for at least seven days from the posting date.

Shift: 1st shift (United States of America)

Hours Per Week: 40

Seniority Level: Mid‑Senior level

Employment Type: Full‑time

Job Function: Other

Industry: Banking