FRFS Cyber Security Specialist

Company

Federal Reserve Bank of Boston

Federal Reserve Financial Services (FRFS) delivers a suite of payments services to financial institutions via FedLine® Solutions, FedNowSM, Fedwire®, National Settlement Service (NSS), FedCash®, FedACH® (Automated Clearing House), and Check Services.

We are currently leading a strategic effort to transform FRFS to a national, enterprise-focused organization.

Through our evolved structure, we will meet the needs of the marketplace for new products and services more quickly, seek to provide a more robust and unified customer experience across our financial service offerings, and create new career growth opportunities for FRFS staff.

The position is primarily on-site.

The primary desired work location for this position New York or Chicago with residency commutable to that District.

Candidates residing near any of our 12 Federal Reserve Banks may be considered.

This position will require you to travel as much as 10% of the time.

Key Activities:


* Execute and maintain NIST based cyber risk assessments and management practices on FRFS information technology cloud and on-premises portfolio.


* Identify, measure, monitor and report on security risks within the information technology domain and assess the adequacy of controls including information security, cybersecurity and mitigation practices for technical vulnerabilities.


* Execute and maintain software security practices including security policies for tooling (SAST, DAST, OSS, IAST) to increase effectiveness and reduce false positives; promote and build procedures for the security champions in the Agile squads; and bring IS policy and standard expertise into the Agile squads.


* Review results from technical testing tools to identify vulnerabilities and contextualize the business impact on the respective payment services.


* Contribute to the vision, strategy, values and priorities that help the FRFS enterprise achieve its mission, as a member of the FRFS Technology Team.


* Develop close relationships with key stakeholders and external partners to ensure contemporary thinking, including the FRFS Technology Leadership Team, FRFS Leadership Team, and National IT stakeholders, with particular emphasis on collaboration with the Office of the Chief Information Security Officer to ensure complementary actions and avoid duplicative services.

What We Look For


* Demonstrated working knowledge of enterprise cyber risk assessment and management and software security practices or equivalent experiences.


* Understanding and working experience with risk management and control frameworks (NIST 800-53) and industry best practices.

Understanding of vulnerability risk impact on key outcomes and critical processes.


* Experience in risk management programs and initiatives to inform critical business strategies and processes.

Knowledge of and experience implementing industry standards, frameworks, and best practices in cyber ri...