IT Risk Management Analyst / Senior IT Analyst - Bank Supervision

Federal Reserve Bank of Minneapolis

Philadelphia, PA, USA
Posted on Friday, August 4, 2023


Federal Reserve Bank of Philadelphia

The Federal Reserve Bank of Philadelphia is one of the 12 regional Reserve Banks that, together with the Board of Governors in Washington, D.C., make up the Federal Reserve System. It helps formulate and implement monetary policy, supervises banks and bank and savings and loan holding companies, and provides financial services to depository institutions and the federal government. The Federal Reserve Bank of Philadelphia serves eastern and central Pennsylvania, southern New Jersey, and Delaware.

This Job Description is for the Information Technology Job Family, aimed primarily at positions within the Supervision Team Site Support Office (STSSO), Business Technology Solutions (BTS), and Infrastructure Office (IO) business groups, but could include anyone within Supervision Regulation and Credit who performs these tasks. An ideal candidate must have knowledge of, and be able to perform actions related to, activities in the designated business line. In the Analyst position, an incumbent will possess and apply comprehensive knowledge of information security and technology to oversee and execute all risk management program activities for the S&R Department in a highly effective manner. Lead or participate in management discussions and, through inter- and cross-department, Reserve Bank, and Board of Governors (BOG) work teams with a risk management focus, recommend and implement solutions, track and resolve issues, and keep work teams and project sponsors fluidly informed about work activity and issue status through to completion. Apply comprehensive knowledge of the supervision and regulation business line and coordinate all business-specific compliance with the Board Information Security Program (BISP) and Security Assurance for the Federal Reserve (SAFR) policies. Participate in System projects and special task forces to contribute the desired level of expertise and represent local interests in those efforts.

What You Will Do:

  • Oversees the Philadelphia S&R Department security program and coordinates completion of all required activities directly or with assigned individuals. Primarily responsible for all compliance activities under the BOG Information Security Program (BISP) including but not limited to:
  • Review each FISMA control for every BISP asset on an annual basis. Provide evidence from the data owner on compliance and attach it to the necessary/pertinent control. Circle back to perform any rework as additional clarification is needed or inconsistencies are identified by the BOG. When exceptions are generated from a vulnerability or audit finding with an asset, work with the business owner(s) and data owner to inform them of risk issues that need to be addressed; work with other IT departments (local/national) and the BOG to obtain additional clarification and perform any rework when the BOG identifies inconsistencies; and carry out other follow-up activities through to exception closure.
  • Coordinates conversations and risk management activities between SRC staff, local Information Security, and BOG representation when new assets are being planned/built.
  • Updates the BOG BISP repository to add required information from developers and data owners.
  • Reviews all SAFR assets and controls for the department and ensures that all required supporting documentation is gathered and is accurate/complete.
  • Partner with Information Security to document required risk assessments for special software needs and other use cases.
  • Ensures compliance with BOG Administrative Directive (AD) letters that relate to security, including additional protections for S&R Confidential Information, tracking of Confidential Supervisory Information (CSI) eligibility/access, and Microsoft Office file inspection and cleansing.
  • Performs comprehensive inspection and cleansing of Microsoft Office files for department staff prior to external distribution, per department and BOG policy. Develops strategy to analyze Role-based security model for Philadelphia S&R and implement such model to introduce simplicity and logic into access provisioning.
  • Coordinates Philadelphia S&R security access and tool reviews at required frequency and according to timeline published by National IT Access Management Provisioning (AMP) group.
  • Review types include but are not limited to:
  • Active Directory and Enterprise Directory users and groups in District and National IT domains; Outlook groups; Notes groups; shared file directory permissions, National IT user accounts and permissions; mailing lists; authorized token users; authorized approvers; service and firecall accounts for all servers; SharePoint site ownership and membership; QL environment users and group access; Enterprise Password Vault accounts (groups and users); and special S&R applications / information types.
  • Oversees all FedIdentity tool requests related to Philadelphia S&R users, groups, and accounts. This activity may also entail working with other S&R Information Security Work Group (ISWG) members to submit requests for access to other District groups through local ISWG member. Partners closely with the AMP team to work through issues, ensure that requests are being processed in a timely manner, and follow up with S&R management with updates on open work items.
  • Partners closely with local Information Security to ensure that security incidents for Philadelphia S&R staff are reported promptly and accurately to the appropriate parties.
  • Maintains deep understanding of BOG and FRS security requirements and tools, consults with department staff to create clarity and offers solutions to fill gaps and create better understanding and use of tools.
  • Ensures that all employee changes, transfers, and larger division/department reorganizations are reviewed in a timely manner to prevent unauthorized access to FRS and System resources.
  • Makes recommendations to management about when Enhanced DLP and other risk mitigation tools should be used to protect sensitive information from higher risk users/groups based on employment status.
  • Conducts security orientation class for new hires and provides refresher training on specific topics as requested by management.
  • Maintains the department's Access Request Center (ARC) maintenance and ensures that the group mailbox contains all documentation supporting security changes and responses from management about access reviews, SharePoint site reviews, and so forth.
  • Responsible for coordinating all NIC access requests and SES InvestorTools access changes.
  • Monitors and performs required level of follow-up with management to ensure that all staff complete required Annual Security Matters training, quarterly Phishing class when users fail test, and other special security topic training.
  • Serves as the department Subject Matter Expert (SME) on where to store and how to handle Confidential Supervisory Information (CSI).
  • Participates in System and BOG-sponsored discussions and work teams.
  • Serves as the S&R Department Security Coordinator by liaising with local Information Security on all activities. Produces and maintains documentation for current operational processes and procedures.
  • Participates in Bank, department, or system projects of moderate to high complexity. Demonstrates effective SRC Core Competency skills for grade and position. Performs other related duties as assigned. Actively involved in the accomplishment of departmental and Bank wide quality initiatives. Complies with all applicable information security policies, guidelines, and practices.

What You Have:

Knowledge and Skills:

  • Advanced written and oral communications skills.
  • Independently presents, both orally and in writing, findings and assessments concerning highly complex supervisory matters or institutions; prepares and presents information and responses to highly complex inquiries; demonstrates the ability to manage the communication process; the ability to communicate information in an articulate, accurate, and timely manner to all levels in the department, Reserve Bank, and System, to explain complex issues clearly and concisely; actively engages in transferring technical knowledge; defuses conflict and builds consensus.
  • Advanced analytical and problem-solving skills.
  • Possesses a logical, analytical and creative approach to problems; Demonstrates expert-level analytical and problem-solving skills; organizes data and information in a manner that effectively communicates issues; identifies underlying issues or problems and recognizes symptoms that indicate more severe problems or issues.
  • Critical thinking skills to support sound troubleshooting and research into risks and vulnerabilities. Should be skilled at finding answers through a variety of reliable means.
  • Advanced interpersonal skills.
  • Ability to lead and participate effectively on a team; leads complex and diverse team efforts by virtue of both technical expertise and leadership/skills of influence; draws on experience to resolve highly complex issues; displays strong interpersonal skills in dealing with people at all levels of an organization, within a team-based and collaborative learning environment.
  • An ability to excel at both working on their own and as part of a larger (physical or virtual) team; working with a variety of people in the Federal Reserve System and the BOG; outstanding initiative and interpersonal skills are fundamental for success.
  • Advanced time management skills. Possess a meticulous and organized approach to work; Identifies and assesses highly complex supervisory issues; effectively manages highly complex issues in order to meet our objectives and goals.
  • Demonstrated skills in multitasking, and stress management to ensure that tasks get completed on time in a fast-paced environment under tight deadlines.
  • Advanced knowledge of various computer systems and technologies with an ability to learn new skills and technology quickly.
  • An awareness of current issues affecting the industry and its technologies.
  • Advanced self-motivation and leadership skills are essential in order to obtain results from different groups of people to complete work responsibilities within reasonable and sometimes tight timeframes.
  • Must be proficient with task delegation and follow up across units, departments, and Reserve Banks.
  • Subject to minimal to no oversight in work performed; interacts with department management to discuss and plan for changes that require risk management or security support; serves as mentor and/or coach and provides constructive feedback to less experienced staff; engages other stakeholders in collecting feedback and input to complete work activities.
  • An established discipline and experience with recognizing and properly handling confidential and sensitive information. Preferred knowledge of the S&R Department, Confidential Supervisory Information (CSI), and access needed for each division/unit.

Education and Experience:

  • A Master's degree with a concentration in Security or Information Technology - or equivalent significant work experience (10+ years) in information technology and/or IT project management is required.
  • Required Information Security Certifications are the CISSP, ISSP, BISP, and SAFR. Must have strong experience with application security, authentication methods, and preferred knowledge about the Federal Information Security Management Act (FISMA). Preferred strong experience with how FRS security products work including but not limited to: Data Loss Prevention (DLP), sDLP, Titus (Outlook plug-in), Symantec, Network Access Control (NAC), Ironkeys, IntraLinks, Transport Layer Security (TLS), and ZixMail. Managerial skills and experience are desirable.
  • Must possess a strong proficiency with Microsoft Office suite functionality including the Outlook, Word, Excel, PowerPoint, Skype, and SharePoint products.

Other Requirements: Applicants must be able to provide work authorization to prove their eligibility to work in the United States. An applicant for employment also must be a U.S. Citizen, U.S. National, or hold permanent resident status with intent to become a U.S. Citizen.

Note: This document indicates the general nature and level of work performed by employees within this position. It is not a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. An employee’s responsibilities, tasks, and duties might differ from those outlined in the job description, and other duties, as assigned, are a part of the job. The Federal Reserve Bank of Philadelphia reserves the right to modify the elements of this job description, as business needs require.

The salary grade for this position is: (15/16).

We offer a great benefits package that features:

  • Medical (4 options), Prescription, Dental (3 options), and Vision Insurance with no waiting period
  • 401k/Thrift Plan with generous employer match
  • Employer-funded Pension Plan
  • Paid Vacation/Sick Time & Holidays
  • Monthly $100 Commuter Allowance
  • Flexible Spending Accounts and Healthcare Spending Accounts
  • Flexible Work Schedule available in most departments
  • Life Insurance and Long Term Disability Insurance
  • Tuition Reimbursement (undergraduate and graduate)
  • Parental Leave
  • Free onsite 24/7 Fitness Center including training classes, Peloton bikes and locker room / shower facilities
  • Onsite Cafeteria & Coffee Shop
  • Additional Convenience Benefits, Discounts and More…

Additional Information:

  • The Federal Reserve Bank of Philadelphia believes that diversity, equity and inclusion among our employees is essential to our success as an organization, and we want to recruit, develop and retain the most accomplished people from a diverse candidate pool. To support a workplace culture of belonging, we offer eight employee resource groups (ERGs) and a 100 percent rating on the Human Rights Campaign (HRC) Corporate Equality Index. The Federal Reserve Bank of Philadelphia is proud to be an equal opportunity workplace.
  • We have eight employee resource groups (ERGs) to support a diverse workforce: Abilities (supporting disabilities and allies), African Heritage, Asian-Pacific, Freedom (supporting LGBTQ+ and allies), Talent Forward (supporting career growth), Women United, Working Families and Veterans. ERGs are open to all employees.
  • We will ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job responsibilities, and to receive other benefits and privileges of employment.
  • All Federal Reserve Bank of Philadelphia employees must comply with the Bank's ethics rules, which generally prohibit employees, their spouses/domestic partners, and minor children from owning securities, such as stock, of banks or savings associations or their affiliates, such as bank holding companies and savings and loan holding companies. If you or your spouse/domestic partner or minor child own such securities and would not be willing or able to divest them if you accepted an offer of Bank employment, you should raise this issue with the Recruiter for this posting, who can provide you contact information for our ethics officer if necessary. You should review the Bank's Employee Code of Conduct to ensure compliance with conflict of interest rules and personal investment restrictions.
  • Background investigations and drug testing are required for all new hires as a condition of employment, after the job offer is made. Candidates for positions deemed as "safety sensitive" will also be screened for the presence of marijuana. Employment may not begin until the Bank accepts the results of the background investigation.
  • All employees will be subject to FBI fingerprint / criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.
  • This position requires access to confidential supervisory information and/or FOMC information, which is limited to “Protected Individuals” as defined in the U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, and U.S. permanent residents who either are not yet eligible to apply for naturalization or who have applied for naturalization within the requisite timeframe. Candidates who are permanent residents must sign a declaration of intent to become a U.S. citizen when eligible to do so and pursue a path to citizenship. Candidates who are not U.S. citizens or U.S. permanent residents may be eligible for the information access required for this position if they sign a declaration of intent to become a permanent resident and a U.S. citizen and meet other eligibility requirements. In addition, all candidates must undergo an applicable background check and comply with all applicable information handling rules.
  • The above statements are intended to describe the general nature, level of work and the requirements of this position. They are not intended to be an exhaustive list of all responsibilities associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.
  • This is not a 100% remote opportunity. You will be available to work on-site in at least a hybrid capacity.

Full Time / Part Time

Full time

Regular / Temporary


Job Exempt (Yes / No)


Job Category

Bank Examination

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
