Sr. IT Security Analyst - Security Programs & Policies at Federal Reserve Bank of Richmond in San Francisco, CA
Company Federal Reserve Bank of San FranciscoWhile the SF Fed is a Reserve Bank, we're not what you might expect. We're unreserved here. That means we seek new and diverse perspectives. We spark conversations and encourage debate. We build opportunity. We pursue careers that are true to ourselves. We are looking for people who want to help our country reach its full economic potential. When you join the SF Fed, you join a team of people working together to promote an inclusive economy that works for everyone.At our Bank, we have always supported telecommuting, and when we shift from our work from home posture, it will be in a hybrid model, allowing for generous telecommuting options. We know flexibility is very important to our employees, especially now. Right now, we are looking to add an Sr. IT Security Analyst to our Information Security Team. The Federal Reserve has a global mission and offers pioneering work in a stable environment with competitive pay, superior benefits AND a true work life balance. If you desire to be a member of a best-in-class team, and to develop your skills and experience beyond anything available in the commercial sector, the Federal Reserve is the place for you! In this critical role, you will support the management of cyber security programs and policies. You will help strengthen the position of the local Information Security department as a strategic partner to the Bank's business areas. Additionally, you will make important contributions to our cyber security risk management processes, metrics, reports, and other security awareness and communication tools. Essential
Responsibilities:
Provide Information Security Program and Risk Management support by helping to define key risk indicators, capturing metrics, and analyzing the effectiveness of District and System information security programs and policies. Assist with crafting or adjusting ongoing programs and policies as warranted based on ongoing analysis of effectiveness and internal and external cyber threat landscape and risk posture. Evaluate the effectiveness of awareness and training programs and makes recommendations for improvement. Analyze information security control metrics to demonstrate effectiveness or need for control improvement. Develop regular security briefings and other collateral that communicates cybersecurity and organizational risk to various partners based on analytical viewpoints derived from multiple sources of internal and external security data points. Create, distribute, and update reports on information security service performance to management and information security governance forums. Work with staff from various groups communicating security issues and responding to requests for assistance and information. Promote the maturation of Insider Risk Program including developing and deploying training and awareness campaigns, creating and tracking new metrics and reporting, and completing program administration requirements. Requirement:
Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a related field or equivalent experience. Typically requires five or more years of information security related experience in areas such as:
security operations, testing, and/or system or security administration work. Working knowledge of security issues, techniques, and implications across computer platforms. Strong written and verbal communication skills. Strong knowledge of critical security controls (NIST Catalog 800-51?) Working knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve, and prevent violations of IT security, to protect organizational data. Must be a U.S. Citizen. Helpful but not required:
Experience managing cyber security risk in the context of standard enterprise risk management practices. Working knowledge of scripting languages and/or process automation tools and techniques. MS SharePoint administration. JIRA Software administration. Familiar with NIST 800 special publications, ISO 27000, Cloud Security Alliance (CSA), and FedRAMP. Meaningful industry certifications such as AWS Security, CISSP, CISA, CRISC, CCSK, and/or CCSP. Effective October 1, 2021, all employees must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank's vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief. At the Federal Reserve Bank of San Francisco, we offer a wonderful benefits package including:
Medical, Dental, Vision, Pretax Flexible Spending Account, Paid Leave Care, Backup Child Care Program, Pretax Day Care Flexible Spending Account, Vacation Days, Sick Days, Paid Holiday's, Pet Insurance, Matching 401(k), and an unheard of Retirement / Pension. At the SF Fed, we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. The SF Fed is an Equal Opportunity Employer. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. #LI-Hybrid
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Responsibilities:
Provide Information Security Program and Risk Management support by helping to define key risk indicators, capturing metrics, and analyzing the effectiveness of District and System information security programs and policies. Assist with crafting or adjusting ongoing programs and policies as warranted based on ongoing analysis of effectiveness and internal and external cyber threat landscape and risk posture. Evaluate the effectiveness of awareness and training programs and makes recommendations for improvement. Analyze information security control metrics to demonstrate effectiveness or need for control improvement. Develop regular security briefings and other collateral that communicates cybersecurity and organizational risk to various partners based on analytical viewpoints derived from multiple sources of internal and external security data points. Create, distribute, and update reports on information security service performance to management and information security governance forums. Work with staff from various groups communicating security issues and responding to requests for assistance and information. Promote the maturation of Insider Risk Program including developing and deploying training and awareness campaigns, creating and tracking new metrics and reporting, and completing program administration requirements. Requirement:
Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a related field or equivalent experience. Typically requires five or more years of information security related experience in areas such as:
security operations, testing, and/or system or security administration work. Working knowledge of security issues, techniques, and implications across computer platforms. Strong written and verbal communication skills. Strong knowledge of critical security controls (NIST Catalog 800-51?) Working knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve, and prevent violations of IT security, to protect organizational data. Must be a U.S. Citizen. Helpful but not required:
Experience managing cyber security risk in the context of standard enterprise risk management practices. Working knowledge of scripting languages and/or process automation tools and techniques. MS SharePoint administration. JIRA Software administration. Familiar with NIST 800 special publications, ISO 27000, Cloud Security Alliance (CSA), and FedRAMP. Meaningful industry certifications such as AWS Security, CISSP, CISA, CRISC, CCSK, and/or CCSP. Effective October 1, 2021, all employees must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank's vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief. At the Federal Reserve Bank of San Francisco, we offer a wonderful benefits package including:
Medical, Dental, Vision, Pretax Flexible Spending Account, Paid Leave Care, Backup Child Care Program, Pretax Day Care Flexible Spending Account, Vacation Days, Sick Days, Paid Holiday's, Pet Insurance, Matching 401(k), and an unheard of Retirement / Pension. At the SF Fed, we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. The SF Fed is an Equal Opportunity Employer. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. #LI-Hybrid
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
