Information Security Specialist

Company

Federal Reserve Bank of Kansas City

When you join the Federal Reserve—the nation's central bank—you’ll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems.

We invest in contemporary and emerging technology each year to support the Federal Reserve and our economy, and we’re building a dynamic and diverse team for our future.

This role is responsible for modernizing the methods and procedures for performing cybersecurity risk management and assessing cybersecurity risk.

This involves assessing the current approach, data, and tools to identify gaps and enhancements.

It requires strong partnerships with key stakeholders and business leaders, conveying cyber risk to them in a way that allows them to make risk informed decisions and improve the Organization’s security posture.

Important Information


* Open to US Citizens, Green Card holders or Permanent Residents with at least 3 years of residency.


* No sponsorship is available.

Candidates must have valid work authorization, without an end date to be considered.

No H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.


* This position requires working on-site with 5 days per month remote work flexibility.

Key Activities

Risk Assessment & Analysis


* Modernize the current approach to cybersecurity risk management and assessments.


* Research and evaluate methodologies and frameworks and subsequently apply them for use in the organization.


* Identify and implement risk quantification and scoring approaches within the organization.


* Perform in-depth data analysis to identify patterns, trends, and areas of focus and priority.


* Incorporate threat intelligence into risk assessments to provide context-aware risk evaluations.


* Conduct business impact analyses to understand how security incidents affect critical business functions.


* Evaluate and quantify risks associated with third-party vendors and supply chain.


* Assess specific risks related to cloud environments and services.

Program Development


* Develop reports and dashboards to illustrate the organization's risk posture.


* Ensure that cybersecurity risk is integrated with IT risk, and informs overall Enterprise risk.


* Research and identify options to establish a risk register.


* Develop and track risk treatment plans including mitigation strategies, acceptance justifications, or transfer options.


* Map cybersecurity risks to relevant regulatory requirements and compliance frameworks.


* Continuously improve risk management processes based on industry trends and organizational needs.

Communication & Collaboration


* Meet with technical experts and business leaders to convey cybersecurity risk in a way they can understand.


* Partner with incident response teams to incorporate lessons learned into risk models.


* Translate complex technical risk scenarios into actio...