hero



Senior Cybersecurity Third Party Risk Analyst

Federal Reserve Bank of Minneapolis

Federal Reserve Bank of Minneapolis

IT
Atlanta, GA, USA
Posted on Monday, September 25, 2023

Company

Federal Reserve Bank of AtlantaWhen you join the Federal Reserve—the nation's central bank—you’ll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We dedicate more than $1 billion to technology each year to support the Federal Reserve and our economy, and we’re building a dynamic and diverse team for our future.

Bring your passion and expertise, and we’ll provide the opportunities that will challenge you and propel your growth—along with a wide range of benefits and perks that support your health, wealth, and life. In addition to competitive compensation, we offer a comprehensive benefits package that includes tuition assistance, generous paid time off, top-notch health care benefits, child and family care leave, professional development opportunities, a 401(k) match, pension, and more. All brought together in a flexible work environment where you can truly find balance.

As the Sr. TPRM (Third Party Risk Management) Analyst under limited supervision, responsible for developing and implementing systems and processes to protect the Bank’s information resources. Proactively researches and gathers information security intelligence and best practices to address emerging security needs. Acts as a subject matter expert and senior consultant to business clients and department management on matters of third party risk. Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks. Owns objectives that support Department Strategic Goals. Generally acts in either an assurance or operational capacity.

A requirement of this position is that the employee must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank’s vaccination policy. To provide for the health and safety of its employees and support the Bank’s mission to the greatest extent possible, the Bank decided to adopt this requirement after careful review of public health information, workforce data, employee feedback, and the Federal Reserve System’s pandemic recovery plans. The Bank requires all employees to be vaccinated fully against COVID-19 as a condition of employment.

Key Responsibilities:

  • Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices
  • Provide periodic compliance/risk assessments and deliver business focused analysis
  • Execute on strategy and develop services to address specific information assurance, risk management, and related compliance issues
  • Perform third party risk assessments upon all third parties at point of engagement and throughout the supplier relationship.
  • Work with third parties and their internal relationship owners to identify and remediate risks as required 5%
  • Provide clear and high-quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of third parties
  • Perform and provide data analyses reporting on third party risk
  • Support contractual reviews for new and existing suppliers
  • Leverage intelligence, industry best practices (NIST CSF) and the regulatory landscape (such as GDPR, FCA, and FFIEC) to ensure a rounded assessment of the security risk posed to the Bank
  • Serves as a subject matter expert (SME) for providing oversight of platform implementation, and development and optimization to improve overall vendor risk posture
  • Coordinates with vendors to ensure managed services are implemented and maintained appropriately • Track and communicate overall program performance, ensuring program milestones remain on track and are completed timely
  • May participate in strategic planning activities, other Information Security Projects, or other district/system priorities, including workgroups and initiatives, as requested
  • Serves as the subject matter expert (SME) for the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
  • Travel may be required for this position

Education:

Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.

Experience:

Five to seven years of Information Security or IT audit experience preferred. Experience in vendor risk management, cyber risk, procurement, enterprise risk management, operational risk, internal audit, and/or controls related function is required.

Functional Knowledge Preferences

Knowledge Areas:

  • Info Security Frameworks
  • Network Design & Architecture
  • Third Party Cyber Risk
  • GRC Solutions
  • Technical Writing
  • Vendor Risk Management Tools
  • Automated Workflow Management

Technical Knowledge:

  • GCWN/GCUX/GSEC/ GISF CISA/CAP/ SSCP /CRISC
  • GCIH / GCIA / CISSP
  • Security+

Our total rewards program offers benefits that are the best fit for you at every stage of your career:

  • Comprehensive healthcare options (Medical, Dental, and Vision)
  • 401K match, and a fully funded pension plan
  • Paid vacation and holidays; flexible work environment
  • Generously subsidized public transportation
  • Annual tuition reimbursement
  • Professional development programs, training and conferences
  • And more…

This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).

The Federal Reserve Bank of Atlanta is an equal opportunity employer.

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice