Identity & Access Management (IAM) Information Security Controls Specialist

Bank of America•Washington, DC

1d•Onsite

About The Position

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Global Information Security (GIS) is responsible for protecting the bank’s information systems, confidential and proprietary data, and customer information. GIS develops and executes the bank’s information security strategy, manages the enterprise security program, identifies and remediates vulnerabilities, and operates a global security operations center that monitors, detects, and responds to cybersecurity incidents. Within GIS, Identity & Access Management (IAM) ensures the right individuals have the right access to the right resources at the right time—across increasingly heterogeneous environments and within rigorous compliance standards. What You Can Expect in Identity & Access Management: In today’s connected ecosystem, safeguarding user identity is critical to the safety and success of our global workforce. The IAM team partners closely within Global Information Security, all Lines of Business, and second- and third-line functions. This highly visible role involves frequent engagement with senior leaders and key stakeholders. If you excel in dynamic, fast-paced, global environments and are passionate about modern security technologies, this is the place for you. You will collaborate with subject-matter experts, drive meaningful risk reduction, support operational excellence, and help strengthen the bank’s overall identity security posture. Role Overview: The IAM Info Security Controls Specialist analyzes, strengthens, and secures the company’s IAM systems and risk posture across End User Access Management and Application Services. This role collaborates across Lines of Business and Technology teams to continuously enhance access control compliance, improve governance programs, and ensure swift and accurate adherence to IAM Standards.

Requirements

5+ years of hands-on experience in identity and access certification within large, complex organizations.
3–5 years implementing IAM cloud solutions, controls, and capabilities.
Strong ability to articulate data-driven insights and partner effectively with stakeholders to drive risk reduction and compliance with IAM Standards.
Advanced analytical skills, strong attention to detail, and a background in Quality Assurance.
Excellent communication, presentation, and organizational skills with demonstrated ability to manage multiple priorities.
Proficiency in data management, metadata practices, and advanced data analysis.
Experience with Jira, Tableau, and SQL.

Responsibilities

Establish and maintain strong partnerships across GIS, Global Technology (GT), Cyber Security Technology (CST), Third Party Management, Global Compliance & Operational Risk (GCOR), internal audit, and external regulators; provide accurate and timely audit and regulatory responses.
Perform Quality Assurance (QA) activities to validate access control compliance, monitor control health, and support accurate and sustainable metrics reporting.
Monitor and support GT application adherence to IAM controls; manage governance programs, respond to program inquiries, maintain source-of-record updates, execute ARM ticket management, and ensure comprehensive program documentation.
Identify opportunities to de-risk IAM controls by analyzing current capabilities, detecting framework or process gaps, and recommending targeted enhancements aligned with enterprise security strategy.
Maintain high-quality QA documentation, audit artifacts, process workflows, and training materials to support transparency and repeatability.
Lead QA governance activities for End User Access Management and Application Services, ensuring alignment with IAM Standards and enterprise policies.
Manage and maintain exceptions to the IAM Standard, ensuring appropriate risk justification, approvals, and periodic recertification per governance protocols.
Ensure technology systems meet enterprise standards and fully comply with regulatory, legal, and risk requirements, escalating concerns as needed.
Support Software Development Life Cycle (SDLC) initiatives, including requirements validation, control testing, and providing risk-focused signoff for application changes prior to implementation.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume