Incident Response

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us

Incident Management is part of the Response and Recovery whose aim is to respond to an incident in the manner that will reduce the impact and risk to the organization as much as possible. The Incident Manager will be required to take charge of Information Security events and incidents as they occur and co-ordinate and work collaboratively with colleagues across the business to resolution.

**Responsibilities**:

- Establish oversight of information security events and incidents and communicate analysis, containment and remediation efforts to all business partners.
- Incident response and recovery plans will be available to use and should be maintained by the team. Any issues that require management escalation will be expected to be completed in a timely manner including all appropriate information in relation to risk and action times.
- The Incident Manager will be expected to provide status updates and post-incident reports for executives and stakeholders in non-technical terms encompassing risk, impact, likelihood, containment and remediation activities and threat actors.
- Risk management including briefing and recommending actions to executive leadership within Global Information Security and other business partners on events and incidents
- The incident manager will be part of a global 24/7 rotation and there is a requirement to work 8-10 weekends per year on an on-call basis as a primary contact and 8-10 weekends as a secondary contact. There will also be a requirement to cover the majority of US holidays.
- Perform real-time analysis and trending of security log data from various security devices and systems.
- Maintain data sources feeding the log monitoring system, develop and maintain detection and alerting rules.
- Respond to user incident reports and evaluates the type and severity of security events.
- Execute initial triage of incidents to rule out false positives.
- Identify recurring security issues and risks and develops mitigation plans and recommends process improvements.
- Establish escalation processes for security incidents and develops contingency plans and disaster recovery procedures.

**Skills**:

- Proven experience handling Information Security related events and incidents
- Experience in an operations focused role with an emphasis on incident response
- Demonstrable experience in the coordination of containment activities related to cyber security incidents
- Familiarity with security vulnerabilities exploits and APT tools, techniques and procedures
- Familiarity with network security vulnerabilities, exploits, malware and digital forensics desirable
- An excellent communicator who can adapt to their audience
- Decisive and can make difficult decisions in what can be a high pressure environment
- Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results
- Able to handle multiple competing priorities in a fast-paced environment and take action without causing an undue delay
- Supportive and can work well as part of a team as well as independently
- Ability to remain calm under pressure
- Ability to work in a strong team-orientated environment with a sense of urgency and resilience
- Must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks whilst remaining risk and objective focused