Information Security Specialist

Posted: 11/24/2025

When you join the Federal Reserve—the nation's central bank—you’ll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We invest in contemporary and emerging technology each year to support the Federal Reserve and our economy, and we’re building a dynamic and diverse team for our future.

 

 

This role is responsible for modernizing the methods and procedures for performing cybersecurity risk management and assessing cybersecurity risk. This involves assessing the current approach, data, and tools to identify gaps and enhancements. It requires strong partnerships with key stakeholders and business leaders, conveying cyber risk to them in a way that allows them to make risk-informed decisions and improve the Organization’s security posture.

 

Important Information

  • Open to US Citizens, Green Card holders or Permanent Residents with at least 3 years of residency.

  • No sponsorship is available. To be considered, candidates must have valid work authorization without an end date. No H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.

  • This position requires working on-site with 5 days per month remote work flexibility.

 

Key Activities

Risk Assessment & Analysis

  • Modernize the current approach to cybersecurity risk management and assessments.

  • Research and evaluate methodologies and frameworks and subsequently apply them for use in the organization.

  • Identify and implement risk quantification and scoring approaches within the organization.

  • Perform in-depth data analysis to identify patterns, trends, and areas of focus and priority.

  • Incorporate threat intelligence into risk assessments to provide context-aware risk evaluations.

  • Conduct business impact analyses to understand how security incidents affect critical business functions.

  • Evaluate and quantify risks associated with third-party vendors and supply chain.

  • Assess specific risks related to cloud environments and services.

 

Program Development

  • Develop reports and dashboards to illustrate the organization's risk posture.

  • Ensure that cybersecurity risk is integrated with IT risk and informs overall Enterprise risk.

  • Research and identify options to establish a risk register.

  • Develop and track risk treatment plans including mitigation strategies, acceptance justifications, or transfer options.

  • Map cybersecurity risks to relevant regulatory requirements and compliance frameworks.

  • Continuously improve risk management processes based on industry trends and organizational needs.

 

Communication & Collaboration

  • Meet with technical experts and business leaders to convey cybersecurity risk in a way they can understand.

  • Partner with incident response teams to incorporate lessons learned into risk models.

  • Translate complex technical risk scenarios into actionable insights for all levels of the organization.

 

Qualifications

Experience

  • Typically requires at least 6 years of relevant cybersecurity risk management experience.

  • Experience with risk scoring methods and risk quantification.

  • Experience with generating reports and dashboards to convey cybersecurity risk in a way that is easy to consume.

  • Experience establishing or running an Enterprise cybersecurity risk management program.

  • Experience with NIST SP 800-53 security standards.

  • Experience presenting risk information to executive leadership.

 

Education & Certifications

  • Bachelor's degree specializing in an information technology field from an accredited college or university, or equivalent combination of directly related education and/or experience.

  • Information Security industry certification (SSCP, CISSP, GIAC, CISM, CISA, etc.) preferred.

 

Technical Knowledge

  • Strong knowledge of and experience applying cybersecurity risk frameworks and assessment methodologies; examples may include Factor Analysis of Information Risk (FAIR), NIST Cybersecurity Framework (CSF).

  • Strong skills and experience with data analysis.

  • Experience with GRC (Governance, Risk, and Compliance) tools.

  • Knowledge of business impact analysis methodologies.

  • Familiarity with cloud security frameworks (CCSK, CCSP).

 

Skills & Abilities

  • Ability to understand technical details of cybersecurity risk.

  • Ability to communicate complicated technical risk scenarios to all levels of the organization.

  • Demonstrated self-motivation and ability to perform work independently, and also collaborate in a team environment.
