Info Security Specialist

Company

Federal Reserve Bank of Kansas City

This role is responsible for modernizing the methods and procedures for performing cybersecurity risk management and assessing cybersecurity risk.

This involves assessing the current approach, data, and tools to identify gaps and enhancements.

It requires strong partnerships with key stakeholders and business leaders, conveying cyber risk to them in a way that allows them to make risk informed decisions and improve the Organization’s security posture.

Key Activities:


* Modernize the current approach to cybersecurity risk management and assessments


* Research and evaluate methodologies and frameworks and subsequently apply them for use in the organization


* Identify and implement risk quantification and scoring approaches within the organization


* Develop reports and dashboards to illustrate the organization's risk posture


* Ensure that cybersecurity risk is integrated with IT risk, and informs overall Enterprise risk


* Meet with technical experts and business leaders to convey cybersecurity risk in a way they can understand


* Research and identify options to establish a risk register


* Perform in depth data analysis to identify patterns, trends, and areas of focus and priority

Qualifications:


* Typically requires at least 6 years of relevant experience


* Associate’s degree specializing in an information technology field from an accredited college or university or technical school, or equivalent combination of directly related education and/or experience.

Bachelor’s degree preferred.


* Information Security industry certification (SSCP, CISSP, GIAC, CISM, CISA, etc.) preferred.


* SAFR Certification preferred


* Strong knowledge of and experience applying cybersecurity risk frameworks and assessment methodologies; examples may include Factor Analysis of Information Risk (FAIR), NIST Cybersecurity Framework (CSF)


* Experience with risk scoring methods and risk quantification


* Experience with generating reports and dashboards to convey cybersecurity risk in a way that is easy to consume


* Experience establishing or running an Enterprise cybersecurity risk management program


* Experience with NIST SP 800-53 security standards


* Strong skills and experience with data analysis


* Ability to understand technical details of cybersecurity risk


* Ability to communicate complicated technical risk scenarios to all levels of the organization


* Demonstrate self-motivation and ability to perform work independently, and also collaborate in a team environment

Additional Information:

Location(s):


* Hybrid –Yes, KC, Denver, Omaha or Oklahoma City offices


* Remote Only Eligible – No

Pay Range: The starting pay range for this position is $89,800 to $160,200 for the job level(s) required for this position.

Final offers are determined by factors including the candidate’s qualifications, interna...