IT Compliance & Risk Mgmt Prin at Federal Reserve Bank (FRB) in Boston, Massachusetts

Posted in General Business 27 days ago.

This job brought to you by eQuest

Type: Full-Time





Job Description:


Job Summary
This position is responsible for consulting on and managing the IT compliance, risk assessment, and mitigation activities for the Business Technology Solutions department. The individual will be responsible for providing business and technical expertise for compliance tasks. The Specialist will develop, update, and maintain IT compliance documentation based on Federal Reserve IT compliance standards. The individual will conduct regular reviews and assessments to coordinate Federal Reserve System (FRS) ERM, COSO, and SAFR/FISMA reporting requirements. The individual will also be expected to exercise sound judgment, maintaining a strong risk posture while facilitating business.

Principal Accountabilities
Provide management with expertise, advice, and analysis of IT compliance and risk related policies and standards.
Oversee and perform IT compliance tasks and develop documentation, which includes risk management assessments.
Provide assistance to system owners and security support staff to develop and implement risk and compliance strategies.
Recommend appropriate impact level designations and identify appropriate security controls based on characterization of the information systems.
Evaluate system architecture including external connections, data flows, vulnerabilities, and countermeasures for compliance with Federal Reserve standards.
Facilitate and coordinate, as needed, independent reviews of the information systems that provide system and network security assessments and certifications based on Federal Reserve guidelines and procedures.
Develop and maintain vulnerability corrective action plans for all accepted risks upon completion of system reviews and audits.
Coordinate activities with FRS information technology security professionals and demonstrate competence in the application of the system certification guidelines and procedures.
Develop and execute plans to continuously monitor security controls during the monitoring cycle, direct the development of reports to describe test results, and submit them during the security evaluation cycle.
Serve as a system and department resource for risk and security analysis by leading or participating on high level projects, workgroups, and strategic initiatives. Provide expert commentary on proposed revisions to policy and procedures, and contribute to efforts in support of the Federal Reserve Bank's security awareness and training initiatives.
Coordinate FRS risk assessment activities to complete the periodic reporting for ERM, COSO and SAFR/FISMA requirements.
Develop and implement local security policies and user guidance as new technology is introduced.

Other Accountabilities
Perform other duties as assigned.

Supervision
This position may be required to supervise 1-2 others, will act in a leadership role on projects and unit initiatives, and oversee the work of junior analysts.

Knowledge and Experience
Knowledge and experience normally acquired through, or equivalent to, the completion of a Master's degree, and a minimum of 5-7 years of related work experience in security compliance and risk management.
Knowledge about major business lines within the bank. Able to understand both the business needs as well as the rationale behind various security policies. Able to maintain strong customer relations across a complex and federated environment.
Appropriate industry certifications, such as CAP or CISSP, desirable.
Working knowledge of NIST 800 series Special Publications and IT Security Program.
Knowledge of Federal Reserve System COSO and ERM processes and SAFR/FISMA security requirements.
Knowledge and experience with risk assessments, security plans, and test and evaluation activities.
Ability to develop corrective action plans.
Good organization skills with the ability to exercise discretion and ingenuity to determine the proper course of action while following established standards.
Ability to be innovative, with resourcefulness and a strong drive for results.
High level of communication and leadership skills to support and interact with internal and external team members.
Excellent written and verbal communication skills.

The Federal Reserve Bank of Boston is committed to a diverse and inclusive workplace and to providing equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.

All employees assigned to this position will be subject to a credit check, an FBI fingerprint/criminal background check, and Patriot Act / Office of Foreign Assets Control (OFAC) watch list checks at least once every five years. Internal candidates who accept a job offer for this position will also be subject to credit re-screening before transferring.

All candidates must be U.S. citizens or lawful permanent resident aliens with at least three or more years of U.S. residency from the date of legal entry to the U.S.

The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.