Senior Information Security Policy & Risk Analyst

Company

Federal Reserve Bank of Chicago

The Info Security Policy & Risk Senior Analyst executes routine Information Security Policy & Risk Assessment processes accurately and on-schedule to protect and secure the organization's sensitive information and technology systems.

This position is considered advanced level and performs work of moderate to high complexity.

The incumbent works under general supervision and may lead some efforts autonomously.

This job does not have any direct reports but may lead the work of junior staff.

Your Responsibilities:
• Evaluates internal control performance, identifies weaknesses, and provides recommendations to strengthen the security control environment.
• Evaluates information security risk management lifecycle for complex boundaries, both on-premises as well as cloud based, including information gathering, drafting control responses, documenting non-compliance, capturing Authorization to Operate (ATO) and designing Plan of Action and Milestones (POAMs) remediation plans.
• Designs Information Security risk evaluations and documentation procedures.
• Creates and executes the Seventh District’s Information Security policies, standards, and procedures.
• Develops exceptions and remediation plans where business areas are not in compliance.
• Serves as primary point of contact to resolve complex questions and issues for stakeholders.
• Evaluates evidence provided by departments to document remediation of internal control issues or that support the closure of action plans, determines if evidence is sufficient, and provides recommendations.
• Plans projects to ensure effective implementation of both department initiatives as well as large system-wide efforts pushed out by National Information Technology (NIT) including security investigations, implementation of corrective actions and process improvement.
• Serves as a key team member and central point of contact during internal audit processes.
• Collects and organizes data for metrics and reports for senior leadership; performs special projects as needed including memos and status reports for management.
• Provides consultative advice and communicates risk assessment findings to technical and non-technical stakeholders.
• Evaluates opportunities to improve risk posture by enhancing technology-related internal solutions and controls for remediating, mitigating, or assessing residual risk.
• Creates and presents Information Security topics (e.g., IS Awareness, Phishing School) throughout the year to new employees, business areas, and senior leaders.
• Documents and resolves non-compliance with Information Security policy, controls, and standards.
• Collaborates with bank leadership at all levels to present risks, proposes mitigation strategies, and achieve buy in on recommendations.

Your Experience:



* ·Bachelor's degree in a related field, or commensurate specialized training, certification, or work experience


* Min...