Bank of America Expands Cybersecurity Operations in Sydney
Bank of America is actively recruiting for Global Information Security roles based in Sydney, Australia, as part of a broader push to bolster its regional cybersecurity infrastructure. These positions are designed to address the evolving threat landscape in the Asia-Pacific financial sector, focusing on threat detection, incident response, and regulatory compliance within the bank’s international network.
Strategic Cybersecurity Recruitment in Australia

The financial services industry in Australia faces increasing pressure to fortify digital defenses against sophisticated cyberattacks. According to the Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report, financial institutions remain a primary target for malicious actors seeking to exploit systemic vulnerabilities. Bank of America’s decision to station specialized security personnel in Sydney aligns with the bank’s global strategy to decentralize its security operations, ensuring 24/7 oversight of its digital assets.
These roles, often categorized under Global Information Security, require professionals to manage complex security architectures. Responsibilities typically include monitoring for unauthorized access, implementing encryption standards, and ensuring the bank’s local operations remain compliant with the Australian Prudential Regulation Authority (APRA) Prudential Standard CPS 234, which mandates that regulated entities maintain robust information security capabilities.
Operational Priorities for Global Security Teams
Bank of America’s security teams operate within a unified global framework. By placing staff in Sydney, the bank integrates local market expertise into its worldwide security operations center (SOC) model. This structure allows for:
* Real-time Threat Intelligence: Utilizing localized data to identify regional attack patterns before they escalate.
* Regulatory Alignment: Ensuring that security protocols meet both internal global standards and specific Australian federal requirements.
* Incident Response: Providing immediate, on-the-ground technical intervention to mitigate the impact of potential data breaches or system outages.
The bank’s approach reflects a shift toward “follow-the-sun” support models, where security teams in different time zones pass off monitoring responsibilities to ensure continuous, uninterrupted coverage.
Industry Context and Skill Requirements

The demand for cybersecurity talent in Sydney is high, driven by a national shortage of skilled professionals. The Australian Trade and Investment Commission highlights that the nation’s cybersecurity sector is expanding rapidly, with financial services leading the investment in new technologies and personnel.
Candidates for these roles at Bank of America generally require backgrounds in network engineering, risk management, or forensic analysis. The bank’s recruitment process emphasizes certifications—such as CISSP or CISM—and practical experience in managing security within large-scale, cloud-integrated enterprise environments. As financial services continue to move toward digital-first banking, the role of security teams in Sydney remains critical to maintaining public trust and operational resilience.
Frequently Asked Questions
Where are these cybersecurity positions located?
The roles are based in Sydney, Australia, serving as part of Bank of America’s regional and global security footprint.
What is the primary focus of these roles?
The focus is on Global Information Security, which includes threat monitoring, incident response, and ensuring adherence to local and international regulatory standards.
Does this recruitment align with Australian regulations?
Yes, these roles are essential for maintaining compliance with APRA’s CPS 234, which requires financial institutions to manage information security risks effectively.
How does this fit into the bank’s global strategy?
It allows the bank to maintain a “follow-the-sun” operational model, providing continuous, 24/7 security oversight across its global network.
Worth a look