This job listing has expired and the position may no longer be open for hire.

(Contract) - IT Security Assessor - Third Party at Bank of America Merchant Services in Atlanta, Georgia

Posted in Other 30+ days ago.

Job Description:

Every day, we deliver innovative solutions at the forefront of fintech that help businesses better serve their customers, expand their business, protect themselves from fraud, and reimagine commerce. Formed in 2009 by powerhouse brands Bank of America and First Data, we've grown to process more than 16 billion transactions at approximately 529,000 merchant locations in 2017 alone. We're a leader with deep expertise and momentum.

Bank of America Merchant Services is an Equal Opportunity and Affirmative Action Employer of Females, Minorities, Veterans and Disabled.

The IT Security Assessor - Third Party will execute the BAMS Third Party Risk Assessment Program. Third Party Risk Management, as a function, manages the Third Party standards and the Line of Business compliance to the standards, as well as contractual, legal, regulatory and/or service requirements of the vendors. The IT Security Assessor, working with the different BAMS Lines of Business, will drive the scheduling, execution and remediation of Third Party risk pre and post assessments. This program is a primary risk control with which BAMS protects its interests as well as meets regulatory and industry requirements.

Essential Functions

  • Develop testing and manage the execution of Third Party Risk Assessment processes, procedures, and program requirements to ensure appropriate controls surrounding Third Party due diligence, ongoing monitoring and termination.
  • The Assessor will execute all aspects of the framework attributable to Third Party Risk Assessments to ensure corporate compliance with the OCC and other regulatory bodies.
  • Responsible for program execution including the performance of Assessment scoping, evaluation of evidence, analysis, reporting and ongoing remediation.
  • The Third Party Risk Assessment Program includes Third Party Risk Oversight of the following domains: information security, business continuity, physical security, regulatory compliance and privacy, third party oversight.
  • Work with internal lines of business (LOBs) to ensure Third Parties are assessed and are compliant with Third Party Risk Management processes and enterprise risk appetite.
  • Provide leadership surrounding the ongoing performance oversight of the Third Parties and alignment of each portfolio to the enterprise program standards.
  • Develop fact-based risk reporting to be delivered to BAMS leaders on Vendor performance and organizational compliance with enterprise program standards.
  • Influence the LOBs to drive implementation of improvements to Third Party Risk controls where needed.
  • Conduct periodic assessments to ensure compliant and stable service delivery.
  • Establish and execute formal and integrated Business Vendor and BCO governance routines for adherence to program requirements.
  • Travel requirements may be as high as 75%.


  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Business Continuity Auditor (CBCA) or other certifications recognized by the Disaster Recovery Institute
  • Certified Risk Manager (CRM)
  • Certified Fraud Examiner (CFE)
  • Certified AMS Specialized (CAMS)
  • Ability to drive performance through proper incentive/metric design and reporting
  • Good relationship management and influence ability. Balances the need for assertiveness and good relationship management in order to enforce policies and compliance and drive actions needed by others
  • Inspires confidence in business leaders
  • Proficient at multi-tasking, has the ability to manage multiple initiatives concurrently
  • Self-starter, who accomplishes goals with broad direction and minimal day-to-day supervision
  • Flexible, with ability to quickly adapt to changes in business direction that may impact initiatives in progress with minimal noise
  • Excellent written and verbal skills. Conveys complex and technical concepts with simplicity and clarity.
  • Strong financial and business process analysis and experience

Experience

  • Certified Information Systems Security Professional (CISSP)
  • 5+ years previous Assessment experience
  • Experience in defining and implementing process improvements, including process design and control monitoring
  • Six Sigma process trained; certification preferred
  • College degree required

Tools

  • Proficient with Microsoft Office Tools

Regulatory Requirements

  • Responsible for supporting regulatory requirements under the Bank Secrecy Act, USA Patriot Act, OFAC and other Anti-Money Laundering laws, rules, and regulations.

This is not necessarily an exhaustive list of all responsibilities, performance standards, measurements, skills or requirements associated with this job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require other or different tasks to be performed when circumstances change.


Bank of America Merchant Services ensures equal employment opportunity without discrimination or harassment on the basis of race, color, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, protected veteran status, genetic information, or any other basis protected by law.

The employer will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the employer's legal duty to furnish information.

Nearest Major Market: Atlanta

Job Segment: Bank, Banking, Risk Management, Information Systems, Information Security, Finance, Technology