Privileged Access Management; PAM Sr. Specialist

* Job Description* *

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in‑office culture with specific requirements for office‑based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role‑specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

• This role reports directly to the Technology Executive for Authentication, Privilege Access Management Service and Cloud IAM. This role is primarily responsible for ensuring that relevant Privileged Access Controls are adequately enforced across platforms and applications to comply with IAM Standard.
• Partner with PAM Governance leads to ensure that Privileged Access Controls are appropriately measured, reported and governed.
• Appropriately assess Privileged Access risk when business and technology decisions are made, demonstrating risk management mindset and practices to safeguard BAC's reputation, its clients, and assets by driving compliance with applicable laws, rules, and regulations, adhering to BAC Policy and Standards.
• Monitors industry information security and PAM trends and engages peer organizations to refine and enhance BAC’s PAM strategy.
• Apply industry PAM best practices, templates, and documentation while also proposing improvements based on practical knowledge.
• Provide extensive Active Directory security best practices and consultation to the cross functional teams, ensuring compliance with IAM standards, and better protect privileged accounts against cyberattacks.
• Develop new PAM requirements and cloud‑based security solutions and govern cloud identities.
• Establish and maintain strong partnership with other Global Information Security (GIS) functions, Core Technology Infrastructure (CTI), Cyber Security Technology (CST), Third Party management, Global Compliance and Operations Risk (CGOR), internal audit, and regulatory agencies.
• Influence technology and PAM tools owners to build/implement enhanced PAM solutions that are efficient, effective, and modern and able to result in material risk reduction in sustainable manner.
• Collaborate with stakeholders to develop PAM requirements that iteratively support long term PAM modernization and transformation (covers Process, Data and Technology aspects).
• Engage with Product Managers and Senior Architects to comprehend the strategic PAM technology roadmap, which dictates the need for modernized security principles.
• Consult with the business to identify gaps and governance issues, leveraging own domain expertise to find effective solutions.
• Clearly articulate reasons and methods behind proposed changes through informative materials for educating others.

• Provide education to team members and technology partners regarding the proposed changes.
• Partners with the policy governance team for socialization and publication of proposed changes to the PAM Standard
• Takes accountability for addressing PAM risks. Proactively identify risk and ways to continuously enhance and improve BAC's PAM controls. Implement and take decisive actions in finding solutions. Drives towards intended outcomes.
• Engage senior management to provide factual, transparent, and timely reporting on existing and emerging PAM or information security risks.
• Active participation in GIS IAM/PAM forums including but not limited to Monthly IAM Stakeholder Forum and Control Owner Forum for standard and Single Process Inventory (SPI) enhancements.
• Supports audit issues for closure and sustainability