The Compliance and Operational Risk (“C&OR”) Specialist assists the C&OR officer team in activities to contribute to the independent compliance and operational risk oversight of Front Line Unit or Control Function (“FLU/CF”) performance and any related third party/vendor relationships in alignment with the Global Compliance -- Enterprise Policy, the Operational Risk Management -- Enterprise Policy (collectively “the Policies”) and the Compliance and Operational Risk Management (“CORM”) Program and Standard Operating Procedures (SOPs).
The C&OR Specialist assists in engaging other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role assists in developing and maintaining a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Specialist assists in preparing materials for C&OR regulatory exams/audits/inquiries and may assist with preparation for FLU/CF regulatory exams/audits/inquiries.
The C&OR Specialist is accountable for assisting the C&OR Team in the proactive identification, escalation and timely mitigation of compliance and operational risks through the execution of some or all of the following activities:
• Assists in the development of independent risk management reporting for respective area(s) of coverage as input into governance and management routines
• Contributes to the oversight of FLU/CF training which may include content development and/or tracking and communication of employee completion rates
• Assists with the development and maintenance of C&OR owned policies and standards and/or the oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintains a comprehensive regulatory inventory; may support communication of regulatory changes to the FLU/CF and ensuring that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements
• Assists in identifying, aggregating, reporting, escalating, inspecting and challenging remediation plans, and performing thematic analysis on FLU/CF-owned issues and control enhancements
• Assists in remediating C&OR “owned” issues and control enhancements
• Contributes to risk coverage plan development, executes independent risk monitoring, testing, and risk assessments, communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Supports the review and challenge of internal and external operational loss events, including development of remediation plans to strengthen controls
• Assists with the development of risk metrics, monitors related performance and breach remediation
The Cybersecurity Compliance and Operational Risk team (CyberCOR) serves as second line Risk Officers responsible for overseeing information security risk across the company. CyberCOR leaders are aligned by Global Information Security (GIS) control family to deliver a comprehensive risk-based approach for the proactive identification, management, mitigation and escalation of compliance and operational risks throughout the Company. Because Information Security is an Enterprise Area of Coverage, CyberCOR oversees information security risk managed by GIS and by the FLUs which comply with GIS requirements. This specialist will be aligned to the CyberCOR Cyber Security Defense Operations team. This team focuses on oversight of the Response & Recovery, Cyber Threat Intelligence, Cyber Threat Defensive Operations, and Cloud Defense GIS programs.
• Independently monitoring, testing and assessing first line controls and control performance using second line tools to ensure information security risks are effectively managed
• Reporting control performance formally through Risk Committees and to company leadership and external regulators through monthly/quarterly/annual GRM reporting
• Opening Risk Identified Audit Issues (RIAIs) on the first line to resolve risks identified
• Review and challenge of high-severity first-line issue resolution to ensure completeness and sustainability of RIAIs/AIAIs/SIAIs/MRAs
• Advising the first line on their risk management to align with regulatory and Audit expectations
Minimum Years Business & Functional Experience: 5 Years Functional Experience
• Experience in information security response/triage, cyber intelligence, or cloud security
• Experience transforming data into information and creating insight out of information
• Ability to distill complex, technical issues into easy-to-communicate language
• At least five years' experience in a technology infrastructure, cybersecurity or DevOps role
• Strong written and verbal communication skills
• Strong organizational skills
Degree Required: Bachelor’s Degree
1st shift (United States of America)
Hours Per Week:
At Bank of America, we’re creating real, meaningful relationships with individuals, businesses and communities to help them focus on what matters most. Every day, we connect with 57 million customers, using our skills and expertise to help make their lives better.
We are committed to attracting and retaining top talent around the world to ensure we continue to deliver ...