FRFS Cyber Security Specialist

About The Position

Requirements

• Demonstrated working knowledge of enterprise cyber risk assessment and management and software security practices or equivalent experiences.
• Understanding and working experience with risk management and control frameworks (NIST 800-53) and industry best practices.
• Understanding of vulnerability risk impact on key outcomes and critical processes.
• Experience in risk management programs and initiatives to inform critical business strategies and processes.
• Knowledge of and experience implementing industry standards, frameworks, and best practices in cyber risk management programs, practices, and processes inclusive of risk identification, analysis, response, communication, monitoring and escalation.
• Experience in conducting IS or Cyber Risk assessments with Cloud and/or on-premises products in an agile development environment.
• Works independently with little oversight, serves as a thought leader for solving complex business problems with innovative solutions.
• Demonstrated ability to collaborate with peers in developing security and technical testing practices in alignment with business needs and FR System standards, translate the practices into actionable plans, and deliver results.
• Demonstrated ability to work cross-System with both embedded and matrixed resources in pursuit of a common objective.
• Excellent change management skills, including advocating, anticipating, and orchestrating change.
• Bachelor’s degree required in business, technology, information security or related fields or equivalent work experience.
• A minimum of 3 years of progressive experience in technology, and information security.
• All applicants must have resided in the United States for at least three (3) years.

Nice To Haves

• 5 years or more of progressive experience preferred.
• Current or prior experience in the FRS is beneficial.
• Federal Reserve System SAFR certification preferred, or commensurate certification and experience in information security assurance.

Responsibilities

• Execute and maintain NIST based cyber risk assessments and management practices on FRFS information technology cloud and on-premises portfolio.
• Identify, measure, monitor and report on security risks within the information technology domain and assess the adequacy of controls including information security, cybersecurity and mitigation practices for technical vulnerabilities.
• Execute and maintain software security practices including security policies for tooling (SAST, DAST, OSS, IAST) to increase effectiveness and reduce false positives; promote and build procedures for the security champions in the Agile squads; and bring IS policy and standard expertise into the Agile squads.
• Review results from technical testing tools to identify vulnerabilities and contextualize the business impact on the respective payment services.
• Contribute to the vision, strategy, values and priorities that help the FRFS enterprise achieve its mission, as a member of the FRFS Technology Team.
• Develop close relationships with key stakeholders and external partners to ensure contemporary thinking, including the FRFS Technology Leadership Team, FRFS Leadership Team, and National IT stakeholders, with particular emphasis on collaboration with the Office of the Chief Information Security Officer to ensure complementary actions and avoid duplicative services.