Cyber Security Risk Analyst
About The Position
The Federal Reserve Bank of New York's Information Security New York (ISNY) department is responsible for a superior information security program that identifies and mitigates cyber risks and threats. The Cyber Security Assurance Department (CSA) within ISNY assesses risks associated with third-party vendor systems, software, IoT devices, ICS, technology processes, or outsourcing arrangements that handle, process, or store Federal Reserve data. The team provides guidance and manages risks in collaboration with business units. CSA also integrates security practices into DevSecOps methodology, performs application security testing, and works on security tooling integration within the CI/CD pipeline. Analysts are embedded in development squads to provide security advice during development and manage the Security Champion Program.
Requirements
- Experience in executing assessments in the Cloud and against third-party SaaS solutions.
- Expert knowledge of performing risk management based on NIST 800-53.
- Experience in determining vulnerability risk impact on key objectives and critical processes; ability to link risk management programs and initiatives to inform critical business strategies and processes.
- Experience in thriving in the DevSecOps culture and working closely with developers on delivering business value in an agile quick release environment.
- Demonstrated leadership experience, managing projects, strong decision making and execution abilities.
- Strong experience managing and timely resolving security findings in the Agile management practice.
- Expert level application security testing skills supporting CI/CD pipeline.
- Experience evaluating 3rd party vendors supporting Banks processes with focus on data protection.
- Proven ability evaluating and securing Gen AI systems with internal and embedded models.
- Possession of or the ability to obtain and maintain National Security Clearance, which includes U.S. Citizenship when required.
Responsibilities
- Perform Cloud application security risk assessments.
- Execute assessments timely and accurately.
- Manage relationships with assigned business units.
- Embed within development squads to provide timely security advice.
- Perform application security testing ensuring only compliant workloads move to the Cloud.
- Support development squads in implementing security tooling in the CI/CD pipeline.
- Conduct risk assessments including application security testing focusing on Cloud migration workloads for mission-critical systems supporting Markets operations.
- Perform overall information systems risk management.
Benefits
- Educational assistance
- Career development tools
- Stretch opportunities
- Parental leave
- Adoption assistance
- Back-up dependent and elder care
- College planning resources
- Comprehensive insurance plans
- Leave policies
- Onsite Health & Wellness Center
- Onsite Fitness Center
- Pension plan
- 401(k) with generous match
- Financial planning resources
- Subsidized public transportation program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
