Your Responsibilities:
• Evaluates internal control performance, identifies weaknesses, and provides recommendations to strengthen the security control environment.
• Evaluates the information security risk management lifecycle for complex boundaries, both on-premises and cloud-based, including information gathering, drafting control responses, documenting non-compliance, capturing Authorization to Operate (ATO) and designing Plan of Action and Milestones (POAMs) remediation plans.
• Designs Information Security risk evaluations and documentation procedures.
• Creates and executes the Seventh District’s Information Security policies, standards, and procedures.
• Develops exceptions and remediation plans where business areas are not in compliance.
• Serves as primary point of contact to resolve complex questions and issues for stakeholders.
• Evaluates evidence provided by departments to document remediation of internal control issues or that support the closure of action plans, determines if evidence is sufficient, and provides recommendations.
• Plans projects to ensure effective implementation of both department initiatives and large system-wide efforts pushed out by National Information Technology (NIT), including security investigations, implementation of corrective actions, and process improvement.
• Serves as a key team member and central point of contact during internal audit processes.
• Collects and organizes data for metrics and reports for senior leadership; performs special projects as needed including memos and status reports for management.
• Provides consultative advice and communicates risk assessment findings to technical and non-technical stakeholders.
• Evaluates opportunities to improve risk posture by enhancing technology-related internal solutions and controls for remediating, mitigating, or assessing residual risk.
• Creates and presents Information Security topics (e.g., IS Awareness, Phishing School) throughout the year to new employees, business areas, and senior leaders.
• Documents and resolves non-compliance with Information Security policy, controls, and standards.
• Collaborates with bank leadership at all levels to present risks, propose mitigation strategies, and achieve buy-in on recommendations.
Minimum three years of work experience.
Advanced knowledge of common information security frameworks.
Advanced knowledge of information security concepts.
Advanced analytical skills.
Excellent written and verbal communication skills.
Advanced interpersonal and relationship building skills.
Advanced knowledge of and ability to use common office and presentation software.
Advanced problem solving and troubleshooting skills.
Ability to work both independently and in a team setting.
Demonstrated continuous learning agility and adaptability.
Ability to proactively research and stay current on emerging risks, compliance trends, and IT security regulations.
What we Offer
Additional Requirements:
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status.
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.