Third Party Information Security Assessor

  • Competitive
  • Camberley, England, United Kingdom
  • Permanent, Full time
  • Bank of America Merrill Lynch
  • 21 Aug 2018

Job Description:
Corporate Title: Up to Vice President (Up to VP)
Location: Camberley
Line of Business: Global Information Security (GIS)

Are you passionate about working with the best information security team in the world? We are currently hiring top talent to join our team.

The Third Party Information Security (TPIS) function within Global Information Security is responsible for oversight of third party security programs, including assessing and improving protections for all aspects of security for the third party landscape.

You will conduct audits of our vendors, either remotely or by travelling to the vendor's site. Our vendors' locations are mainly in the UK but there are also a number across Europe, and occasionally outside Europe in locations such as Israel and the UAE. You will be required to travel for 2-3 day periods a minimum of 2-3 times a month. You will have a good information security background with an interest in risk.

What will your main responsibilities involve?

  • The Onsite Third Party Assessor will take the bank's Information Security standards and put them into an externally facing format
  • You will then use this to conduct information security and business continuity assessments of vendors providing services to Bank of America
  • These audits will take a number of forms, from remote audits where you will send a questionnaire to vendors, to travelling to the vendor site and formally testing systems alongside the vendor
  • You will prepare reports based on your findings and compare results with your colleagues to decide on next steps
  • To succeed in this role, you should be highly motivated and possess good, hands-on, technical knowledge of a wide range of information security and business continuity controls and the processes used for evaluating their design and effectiveness
  • You should also possess solid written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources

What skills and qualifications will you ideally possess?

  • Technical skills include the domains of information security and business continuity including:
      • Information Security Controls (Infrastructure Security, Access Management, Physical Security, Application Security, etc.)
      • IT Compliance, SOX Compliance
      • Change Management
      • Enterprise Risk Management
      • Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards

  • Previous information technology/security audit/assessment experience is helpful
  • Ability to demonstrate attention to detail and analytical skills
  • Ability to multi-task and work both independently and as part of an assessment team
  • Ability to plan, execute and document assessment activities following established processes and procedures
  • Minimally, CISSP and/or CISA certifications are required as well as experience in information security or business continuity
  • Be able to travel up to 50% of the time

About Bank of America Merrill Lynch

Bank of America is one of the world's leading financial institutions, serving individual consumers, small- and middle-market businesses, large corporations and governments with a full range of financial and risk management products and services. Bank of America Merrill Lynch is the marketing name for the global banking and markets businesses.
The company has had a presence in EMEA since 1922. With offices in 23 countries on three continents, it offers an integrated and comprehensive set of products and services across Global Corporate and Investment Banking, Global Markets and Consumer Card, serving the needs of individual, corporate, institutional and government clients, combining the best of local knowledge and global expertise. Developing solutions for social and environmental challenges is at the core of Bank of America Merrill Lynch's responsibility platform. In more than 90 countries around the world, we partner with employees, clients and stakeholders to help make financial lives better.


If you're interested in this opportunity please send your details to us by applying online.
Good conduct and sound judgment are crucial to our long term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mindset are the cornerstones of our Code of Conduct and are at the heart of managing risk well.
We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.
As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment.