Information Security Analyst

Company

Federal Reserve Bank of Richmond

When you join the Federal Reserve—the nation's central bank—you’ll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems.

We invest in contemporary and emerging technology each year to support the Federal Reserve and our economy, and we’re building a dynamic and diverse team for our future.

Bring your passion and expertise, and we’ll provide the opportunities that will challenge you and propel your growth—along with a wide range of benefits and perks that support your health, wealth, and life.

In addition to competitive compensation, we offer a comprehensive benefits package that includes tuition assistance, generous paid time off, top-notch health care benefits, child and family care leave, professional development opportunities, a 401(k) match, pension, and more.

All brought together in a flexible work environment where you can truly find balance.

About the Opportunity

The Richmond Information Security (IS) Risk Management team has an immediate opening for an IS Analyst, reporting to the IS Senior Manager.

The IS Analyst is responsible for developing, maintaining and coordinating Fifth District information security activities related to Governance, Risk and Compliance (GRC) in support of the Bank's information security and data privacy programs.

This position provides risk management and consulting services to all levels of the organization in support of National and Fifth District Lines of Business.

What You Will Do:


* Supports the Security Assurance for the Federal Reserve (SAFR) program based on the NIST Risk Management Framework.


* Serves as an information security consultant to business areas by guiding them through the SAFR lifecycle, interpreting information security and data privacy policies and standards, advising on new security initiatives, and helping them manage information security risk to their business, the Bank and the Federal Reserve.


* Participates in and coordinates execution of assurance activities such as Security Control Assessments (SCA), Continuous Monitoring Control Assessments (CMCA), and COSO by testing management and operational controls and reporting results to management.

Documents and tracks issues and/or deficiencies.


* Conducts security impact assessments on new software, data, technology components, and use cases.


* Conducts information security assessments of suppliers including third party vendors and cloud services.

Advises on mitigating identified risks and changes requested by third parties to security and privacy provisions of our contracts.


* Analyzes, designs, and implements business processes and requirements to ensure appropriate risk management and alignment with information security policies, standards, and procedures.

Qualifications:


* Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, Business A...