Privileged Access Management (PAM) Sr. Analyst

Bank of America•Washington, DC

2d•$140,000 - $200,000•Onsite

About The Position

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates’ physical, emotional, and financial wellness through affordable, competitive and flexible benefits. We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve. Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Position Summary: Establish and maintain strong partnership with other Global Information Security (GIS) functions, Core Technology Infrastructure (CTI), Cyber Security Technology (CST), Third Party management, Global Compliance and Operations Risk (CGOR), internal audit, and regulatory agencies. Influence technology and PAM tools owners to build/implement enhanced PAM solutions that are efficient, effective, and modern and able to result in material risk reduction in sustainable manner. Collaborate with stakeholders to develop PAM requirements that iteratively support long term PAM modernization and transformation (covers Process, Data and Technology aspects). Engage with Product Managers and Senior Architects to comprehend the strategic PAM technology roadmap, which dictates the need for modernized security principles. Consult with the business to identify gaps and governance issues, leveraging own domain expertise to find effective solutions. Clearly articulate reasons and methods behind proposed changes through informative materials for educating others. Provide education to team members and technology partners regarding the proposed changes. Partners with the policy governance team for socialization and publication of proposed changes to the PAM Standard Takes accountability for addressing PAM risks. Proactively identify risk and ways to continuously enhance and improve BAC’s PAM controls. Implement and take decisive actions in finding solutions. Drives towards intended outcomes. Engage senior management to provide factual, transparent, and timely reporting on existing and emerging PAM or information security risks. Active participation in GIS IAM/PAM forums including but not limited to Monthly IAM Stakeholder Forum and Control Owner Forum for standard and Single Process Inventory (SPI) enhancements. Supports audit issues for closure and sustainability.

Requirements

10 years relevant hands-on experience in PAM with at least of 5 years of management experience
Extensive knowledge and understanding of PAM-specific laws, rules, and regulations within the financial services sector.
Understanding and interpreting BAC’s established information security Policy, Standards, Procedure and Guides, and applying this knowledge to related PAM decisions and response.
Serve as the Subject Matter Experts in advising BAC business and technology counterparts on effective ways to achieve or exceed compliance with applicable Policy, Standards, Procedures and Guides
Proficient in implementing and governing Risk and Role based access security controls.
Extensive experience in managing Active Directory to enforce privileged access controls.
Ability to influence cloud technology owners to build more secure processes.
Strong understanding and risk management mindset, proactively mitigating PAM related risks.
Familiarity with security standards such as NIST, ISO/EC, FFIEC.
Expert level knowledge of privileged access management methodologies and techniques for on-prem and Cloud implementation.
Deep security knowledge which covers core technology infrastructure (network, storage, servers, databases, etc.) identity management and application security practice.
Deep experience with Linux, Windows, Cloud scale Identity, Access Management (Single Sign-On, Multi Factor Authentication), Authorization services or design and architecture of PAM services
Expert level knowledge of authentication platforms such as Active Directory, LDAP, Kerberos, LDAP, Radius.
Deep knowledge on Federation platforms or protocols such as Oauth, OpenID, SAML, WS-Fed, etc.

Nice To Haves

Possession of CISSP certification would be an advantage.
Expert knowledge of PAM related tools which support session proxy, vaulting, just-in-time provision, integration with service management tool would be an advantage.
Working level experience with IAM platforms such as Ping Identity, Active Directory OpenLDAP, OpenDJ.
Experience in consumption of Web Service APIs such as JSON / XML
Hand on experience and proficient with AWS, Azure, GCP, and/or Cloud Technologies will be an advantage.
Proficient in articulating facts and data-driven plans and to partner with stakeholders to implement intended solutions to drive risk reductions and adherence to PAM standards.
Strong attention to detail and advanced analytical skills.
Excellent communication and presentation skills.
Excellent organizational skills and be able to effectively prioritize multiple tasks
Hands on experience and involvement in large and complex projects
Proficient in data management which includes strong data analytical capability with advanced understanding of the collection and management of metadata
Efficient in motivating, engaging, and leveraging other teams and business partners to efficiently deliver business solutions.
Proven track record of influencing and relationship management skills.
Proficient in Microsoft Office suite of products with ability to quickly analyze and synthesize large volumes of data
Pro-active and able to drive direction of work that needs to be completed, ability to work independently on initiatives with little oversight.
Motivated and willing to learn.
Confident and effective in delivering messages across a wide spectrum of individuals with varying degrees of technical and business understanding
Deep knowledge of bank financial practices and policies and ability to adapt to fast changing environment
Knowledge of Compliance Certifications such as SOX, SOC, SOC2.

Responsibilities

This role reports directly to the Technology Executive for Authentication, Privilege Access Management Service and Cloud IAM.
This role is primarily responsible for ensuring that relevant Privileged Access Controls are adequately enforced across platforms and applications to comply with IAM Standard.
Partner with PAM Governance leads to ensure that Privileged Access Controls are appropriately measured, reported and governed.
Appropriately assess Privileged Access risk when business and technology decisions are made, demonstrating risk management mindset and practices to safeguard BAC’s reputation, its clients, and assets by driving compliance with applicable laws, rules, and regulations, adhering to BAC Policy and Standards.
Monitors industry information security and PAM trends and engages peer organizations to refine and enhance BAC’s PAM strategy.
Apply industry PAM best practices, templates, and documentation while also proposing improvements based on practical knowledge.
Provide extensive Active Directory security best practices and consultation to the cross functional teams, ensuring compliance with IAM standards, and better protect privileged accounts against cyberattacks.
Develop new PAM requirements and cloud-based security solutions and govern cloud identities.