Bank of America

2018 - 2020

Bank of America is one of the world's largest financial institutions, serving approximately 56 million U.S. consumer and small business relationships.

BOA’s Global Information Security (GIS) division is responsible for protecting the bank's information systems, confidential and proprietary data, and customer information through a proactive strategy, the deployment of innovative controls, and an agile operating model.

Size: ~250,000 employees when I joined

Synopsis

Roles: Lead Product Designer, Interim Design Manager

Team size: 6

I joined Bank of America to lead the experience design strategy on a small enterprise-side innovation team in the Global Information Security organization. I led the design and research of two core products for identity and access management and third-party risk management. When our design director left the team, I assumed the interim role of Design Manager leading the design ops, facilitating key organizational strategy, and leading experience design projects.


Product Impact

  • Led qualitative and quantitative research initiatives that influenced the direction of our security products

  • Led the incremental redesign of the Continuous Monitoring product.

  • Led the holistic redesign of the PCAT tool

Team & Operations Impact

  • Configured and managed a Jira backlog of design tasks and organized epics into 2-week design sprints.

  • Established a SharePoint site as a wiki to allow for cross-functional socialization of our design progress and research.

  • Sent weekly reports to our leadership team on our team’s progress

  • Led design quality reviews to formalize design critique

  • Established templates and interview scripts for conducting research studies

People & design operations

Navigating an organization as large as Bank of America requires a tremendous amount of cross-functional alignment. I took the initiative to configure our design team’s Jira to track and organize our design work so we could align with broader engineering teams. I also set up a SharePoint to act as a wiki for our team and used that to socialize our work across the broader organization. I also took efforts to break down large design epics into smaller tasks and guided designers on the team on what successful delivery would entail.

Chris is an incredibly talented leader. His design skills and technical acumen are both solid and enviable. As Chris’s teammate, I always love to watch Chris effectively workshop a problem. He is really amazing at breaking a problem down into bite-size portions - and leading a group to collaborate on possible solutions.

Julia Baker Hansen · Sr Product Designer, Bank of America

Designing for compliance & risk remediation

One of the products I led was an internal application called Continuous Monitoring, which was used to track vulnerabilities from the time of identification to the point of remediation. One struggle leadership teams faced with CM was that their team’s remediation steps and reasons were not explicit enough and often lacked timelines. By adding additional form fields for users to click and enhancing several screens in the workflow, we were able to remedy many of the communication gaps.

Before

After

Notable Feedback

“I love the enhancements, I did some user acceptance testing, and had no issues!”

Karen Peterson · Senior Vice President of Operational Control Risk Management, Bank of America

“I love the drag and drop to reorder the action steps!”

April Hadnot · Vice President of Information Security Governance and Remediation, Bank of America

“Adding in the AIT overview saves me a ton of time from having to toggle back and forth with AppHQ to get the additional information I need in order to properly assess the risk”

Dani Reiser · Senior Vice President of Global Information Security, Bank of America

Leading discovery research

I led the ethnographic research to understand why certain risk remediation teams didn’t use CM and other remediation tools but were still able to fulfill their role responsibilities. We recruited and recorded 40+ 1:1 conversations with risk managers, coded and synthesized our findings, and conducted our own internal heuristic analysis on usability gaps in products we supported. While I can’t detail what I learned, I can say that much of it pointed to broader systemic issues that spanned beyond any single application or usability pain point.


Chris stepped into the project as the Lead UX Designer, but due to staffing shortages had to take on a much larger role. At times Chris took on the Business Analyst role and really worked to drive the project when a Project Manager was not assigned. Due to his diligence, the project continued to move forward even without these key roles.

Wendy J Betts · Information Security Executive, Bank of America

Gamifying identity & access management

My team was also responsible for our internal permission auditing tool (PCAT). Access management in a zero-trust environment is difficult to manage at scale because permissions will accumulate over time. The risk of not auditing permissions frequently is unintentionally increasing the attack surface for threat actors to exploit. Our team was tasked with ideating and solving this issue, and I led much of the discovery work and visual explorations. The artifacts I produced helped galvanize support, instill confidence, and accelerate decision-making across cross-functional teams. After our solution went live, we estimate that it has saved 250,000 hours in Identity Access Management costs associated with making 1.5 permissions descriptions managed by nearly six thousand application teams easier to understand and manage.
