Posted in Information Technology 30+ days ago.
Type: Full-Time
You will perform at an advisory level to identify and communicate security risk and develop positive working relationships and collaborate with various District organizations. You will perform risk assessments, communicate and document information security risk, evaluate security controls, and assess the quality of security control documentation. You will work with business partners to collect relevant information for both on-premises systems and third-party systems. You will provide risk guidance to ensure that senior leadership understands the key risks in the systems they own and how accepted risk compares with the risk appetite of the organization.
Essential responsibilities:
Support 12th District risk strategies, identify risks in Bank processes and technologies, and lead improvement initiatives to minimize risk.
Serve as a domain expert on security policy in the 12th District and influence policy development at the Federal Reserve System level.
Support and advise partners to enable them to understand Bank and FRS security controls, policies, and procedures.
Establish and foster long-term relationships with partners and contacts in assigned business areas and partner with them to understand their technical and business requirements to help enable them to do their work securely.
Advise and assess application development teams on Secure Cloud Development and Operations to enable them to mature their practices and processes.
Understand technical implementation details necessary to assess security risk in Cloud and on-prem environments and recommend security control improvements or identify mitigating controls.
Perform complex analysis of security issues and advise business partners on relevant risks and mitigations.
Evaluate external service providers to identify and communicate associated risks and identify shared security responsibility between the vendor and the Federal Reserve.
Perform security control assessments and prepare assessment reports to document assessment scope, procedures, findings, and recommendations; interpret the significance of assessment findings, conclude on findings, and make practical recommendations for remediation.
Communicate security risk and implications to partners at all levels, including executives.
Collaborate and influence work multi-functionally; navigate ambiguity while leading multiple projects simultaneously in a fast-paced, results-driven environment, accepting accountability of the process and delivering on commitments.
Minimum Qualifications:
Bachelor’s degree in computer science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a related field or equivalent work experience.
A Sr Security Analyst requires 5+ years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and 3+ years’ experience designing and deploying security solutions
A Lead Security Analyst requires eight or more years of experience in IT and cybersecurity including security advising, security assessment, security architecture, and/or security engineering.
Familiarity with NIST 800 special publications, FedRAMP, and other risk frameworks.
Able to explain complex IT and data related issues to non-expert, non-IT staff and management in a manner that allows clear comprehension of the risk implications.
Ability and willingness to work responsibly without direct supervision in a hybrid environment.
Excellent customer service, collaboration, interpersonal, and influencing skills.
Superb communication (written and verbal), critical thinking, analytical, and problem-solving skills.
Track record of taking initiative to address problems and make process improvements.
Self-starter with the ability to prioritize work and balance multiple projects and tasks simultaneously.
Exceptional consultative skills and a demonstrable ability to work effectively with business partners, internal management and staff, and vendors and consultants.
Must be a U.S. Citizen
Preferred skills:
Understanding of Cloud (AWS and/or Azure) architecture and services and implications to security
Meaningful industry certifications such as CISSP, CRISC, and/or CCSP. Cloud vendor specific certifications such as AWS Security Specialty and/or Azure Security Engineer Associate.
Experience with security control testing, DevSecOps, and threat modeling.
Scripting, automation, and business intelligence experience with tools such as python, R, SQL, etc.
Base Salary Range for Sr. IT Security Analyst: Min: $113,600 - Mid: $147,600 - Max: $181,600(Location: San Francisco)
Base Salary Range for LEAD IT Security Analyst: Min: $138,900 - Mid: $180,400 - Max: $221,900 (Location: San Francisco)
Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with market data.
We offer a wonderful benefits package including Medical, Dental, Vision, Pre-tax Flexible Spending Account, Backup Child Care Program, Pre-Tax Day Care Flexible Spending Account, Paid Family Care Leave, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and Retirement/Pension.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. The SF Fed is an Equal Opportunity Employer.
#LI-Hybrid
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.
City View Post Acute |
Alvarez & Marsal Corporate Performance Improvement, LLC |
Alvarez & Marsal Corporate Performance Improvement, LLC |