Info Security Specialist

Company

Federal Reserve Bank of Kansas City

The Federal Reserve Bank of Kansas City is seeking an Information Security Specialist to provide security risk monitoring, analysis, and ongoing assurance activities.

Responsibilities include enabling and facilitating an understanding and of the Federal Reserve System information security policies and related requirements.

They also take organizational practices and align these practices with security industry best practices.

You will be involved in a mixture of project work and operational services, including consulting and subject matter expertise to internal information technology (IT) and business customers.

Candidates with expertise in NIST 800-53, Artificial Intelligence, or FAIR risk assessment methodologies will be highly fulfilled in this role.

Key Activities:


* Develops and maintains the information security posture (rules, controls, security safeguards, etc.) to protect the Bank’s information assets.


* Analyzes, documents, and communicates risks using the Security Assurance for the Federal Reserve (SAFR) risk management process.


* Plans, develops, and delivers initiatives that promote sound cyber security practices to include creation and delivery of training (general, business-specific, etc.).

Evaluates programs for effectiveness and improvement.


* Analyzes the results of assessments, compliance activities, etc., then reports on the results and provides remediation recommendations.


* Determines asset risk levels, coordinates the development of a security plans, and generates a security packages.


* Reports on compliance and policy exceptions.

Maintains non-compliance risk acceptance reviews and facilitates an approval process; provides recommendations on non-compliance situations and monitors their delivery.


* Provides input to the NIST Risk Management Framework (RMF) process activities and related documentation such as system lifecycle support plans, operational procedures, training materials, etc.


* Participates in supplier assessments such as third-party vendors, cloud services, etc.

by evaluating responses against required controls to identify gaps.


* Assist with information risk management services including risk assessments (SAFR) for new and existing Information Technology (IT) automation products and projects.


* Enforces information security policies and procedures by creating security reports; reviews information security policy documentation; and investigates possible security exceptions.


* Defines and maintains information security non-compliance (risk acceptance) review and approval processes; provides recommendations on information security noncompliance situations.


* Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments.


* Provides guidance and training to less experienced staff performing various activities.


* As...