Description

Job Description:

About Us

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates' physical, emotional, and financial wellness through affordable, competitive and flexible benefits.
We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve.
Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Global Business Services

Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations.

Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence, and innovation.

In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services.

Process Overview*

The Business Management and Controls organization enables business delivery on all GT functions including strategy, AIT Management, workspace management, workforce governance, employee engagement, risk management, application security and vulnerability assessments, portfolio governance and integrated reporting. Additionally the team also provides support on enhanced approvals for resource requisitions, campus hiring program and global mobility.

Job Description*.

This role reviews high‑risk security exceptions such as access to blocked websites, proxy or IAM control bypasses, and SSL inspection exclusions. The role assesses business need versus security risk, understands architecture, network and SDLC flows, ensures proper compensating controls, partners with security and risk teams, maintains audit‑ready documentation, tracks trends, and supports informed, time‑bound risk decisions.

Responsibilities*
Key responsibilities include:

• Review and assess high‑risk security and access exceptions, including:
  • Access to critical or high‑risk blocked websites
  • Proxy authentication bypass requests
  • IAM control deviations (authentication, authorization, MFA, service identities)
  • SSL/TLS content inspection exclusions
• Perform end‑to‑end risk analysis by evaluating architectural flows, network paths, identity boundaries, and trust relationships
• Assess the impact of bypassing enterprise security controls, including changes to attack surface, data exposure risk, and monitoring gaps
• Translate technical control deviations into clear business‑level risk statements aligned to regulatory and security standards
• Validate that exception requests are justified, time‑bound, least‑privileged, and aligned to documented business requirements
• Evaluate the adequacy of compensating controls (network restrictions, enhanced logging, multi factor authentication, monitoring, expiry enforcement)
• Partner with GIS, Software owners, Application teams, Network engineering teams, and Risk stakeholders to ensure informed decision‑making
• Apply SDLC and environment awareness (DEV, SIT, UAT, PROD) when evaluating risk tolerance and enforcement expectations
• Drive remediation plans or architectural fixes to reduce reliance on repeated or long‑term exceptions
• Track and facilitate closure or renewal of exceptions with defined ownership, rationale, and expiry timelines
• Identify portfolio‑level trends and systemic risks, such as recurring control bypasses or accumulating residual risk
• Publish and maintain risk dashboards and management metrics (exception aging, high‑risk exposure, control gaps)
• Ensure all exception decisions are audit‑ready, well‑documented, and compliant with AIT and enterprise security standards
• Promote a strong enterprise risk culture, reinforcing that exceptions are temporary, risk‑owned decisions

Requirements

Education•

• Any Graduation / Post Graduation

Experience Range•

• 15 to 20 years

Foundational skills*

• In‑depth understanding of security control objectives and the risks of control bypass
• Strong knowledge of:
• Proxy architectures and internet access controls
• IAM controls and identity risk scenarios
• SSL/TLS encryption and content inspection concepts
• Ability to analyze architectural diagrams, data flows, and control touchpoints
• Risk‑sensitive mindset with the ability to identify, escalate, and document high‑impact security risks
• Excellent written and verbal communication skills suitable for governance, audit, and senior stakeholders
• Experience producing clear exception rationale, risk statements, and mitigation documentation
• Ability to manage multiple exception cases across portfolios while meeting governance timelines
• Commitment to continuous learning in emerging threats, security architectures, and enterprise risk practices
• Relevant information security certification preferred:
• CISSP, CISA, CSSLP, CEH, or equivalent

Desired skills*

• Ability to articulate complex technical risks in a clear, concise, and defensible manner
• Proven experience collaborating with cross‑functional teams (Security, Architecture, Development, Risk, Compliance)
• Strong analytical and decision‑making skills grounded in facts, evidence, and risk impact

Work Timings*:
11.30 AM to 8.30 PM IST (Need to be flexible as per business need)

Job Location*: Chennai / Hyderabad