Portfolio Coordination Group (PCG) Senior Risk Specialist
Federal Reserve Bank of Minneapolis
Company: Federal Reserve Bank of Atlanta
The Federal Banking Agencies (FBAs) jointly conduct the supervision of technology services provided by certain third-party service providers under the authority provided in the Bank Service Company Act (BSCA). The Service Provider Program currently includes third-party service providers that are deemed particularly systemically important (i.e., Significant Service Providers, or SSPs) and the ones that are deemed less so (Regional Service Providers, or RSPs). Oversight of the Federal Reserve’s supervision of SSPs will be conducted by the SSP Management Group (MG).
The SSP portfolio is looking for highly motivated individuals to join the Portfolio Coordination Group (PCG), which supports the SSP MG in carrying out the MG’s governance and oversight responsibilities over the Federal Reserve’s SSP portfolio. The PCG coordinates supervisory program execution to ensure portfolio-wide transparency and consistency in a manner aligned with the strategic direction, priorities and plans set forth by the SSP MG. The PCG Senior Risk Specialist will report functionally to the PCG Lead. Administrative reporting will be through the Federal Reserve Bank of Atlanta.
*This position can be located in Atlanta, GA OR any branch of the Federal Reserve Bank where you can meet the hybrid work requirement.
- Contributes to review of cybersecurity and/or cloud security examinations to determine the effectiveness of an FI’s and SSP’s cybersecurity posture and validate remediation efforts of identified issues.
- Contributes to Federal Reserve System and local cybersecurity and/or cloud security initiatives related to training, committees, and development of policy statements to enhance the supervision of FIs and SSPs.
- Supports review of supervisory plans for relevant cybersecurity and/or cloud security areas and effective risk-based supervision factoring in size and complexity of target firms.
- Conduct horizontal (second-level) reviews of key Central Point of Contact’s (CPC’s) work products such as supervisory plans / strategies, exam scopes, conclusion memos, supervisory letters and reports of examination, findings and ratings, vetting deliverables following first-level review by the Responsible Reserve Bank.
- Lead initiatives that modernize SSP supervision and assist with the vetting preparation of supervisory strategies, significant findings, and ratings.
- Conduct and contribute to cross-entity work (e.g., scenario-developed analysis)
- Identify, develop, and execute horizontal review topics
- Implement SSP program enhancements or policy changes
- Develop quarterly portfolio-level continuous monitoring topics
- Develop portfolio-level analytics packages and dashboards
- Coordinate incident response, threat and vulnerability monitoring
- In coordination with the Reserve Bank Managers and Reserve Bank Partner(s) responsible for overseeing SSP CPCs and SSP cyber resources
- Contribute to OASiS implementation and enhancements
- Other duties as assigned
- Strong knowledge of supervision and the examination process to drive change and manage risk
- Strong understanding of operational and cyber resilience, cloud security, third-party risk management and legal and policy mandates in the financial sector that pertain to third-party risk management and cybersecurity risks and industry standards and guidance (i.e., FFIEC IT Handbook and NIST CSF)
- Previous SSP CPC experience and examiner commission a plus
- Strong critical thinking, analytical and data analysis skills
- Proven ability to effectively influence outcomes and build consensus across multiple stakeholders
- Ability to combine risk analysis with sound judgement in proposing recommendations
- Ability to engage and influence cross-functional teams and work collaboratively with internal and external teams
- Excellent oral and written communications skills
- Ability to lead, juggle and effectively prioritize multiple projects simultaneously while meeting critical deadlines and stakeholder expectations
- Sound judgment, tact and diplomacy as well as keen political savvy and experience navigating complex third-party risk and cybersecurity issues.
Minimum 5 years of experience in at least some of the following domains:
- Cyber Security and IT Risk management
- Cloud Security
- Cybersecurity response and resilience
- IT Audit and/or IT examination or supervision
- Change and Configuration Management
- Asset and Lifecycle Management
- Vendor risk management
- Data governance and security
- Endpoint and server technologies
- Intrusion detection and prevention systems
- Identity access management and access control
- Threat and vulnerability management
- Problem and Incident Management
- Effective written and verbal (including presentation and negotiation) communication skills in dealing with all levels of senior management, boards of directors and other regulatory agencies
- Analytical, problem-solving and time management skills
Familiarity with:
- FFIEC, NIST, SANS and ISO standards and frameworks
- Information security, cybersecurity, and risk management principles
- Network management/architecture
Certifications/Licenses: Certified in CISSP, CISA, CISM, and/or industry certification is a plus. Cloud certification is preferred but not required.
- Start Date: Looking to fill by March 1, 2024
- Work Location: Within commuting distance of the Federal Reserve Bank of Atlanta, any of its branches, or another Federal Reserve Bank
- Full-time / Part-time: Full-time (100 percent commitment)
- Travel: Occasional travel is required with an expected range between 10% - 25%
Other Requirements and Considerations
- Candidates should review the Bank’s Employee Code of Conduct to ensure compliance with conflicts of interest rules and personal investment restrictions. The Code is available on the About Us, Careers webpage at www.richmondfed.org
- An applicant posting for employment as a Federal Reserve examiner/analyst must be a U.S. citizen or hold a permanent residence visa/Green Card and be an intending citizen
- Under conflicts of interest guidelines administered by the Board of Governors of the Federal Reserve System, examining personnel may not participate on an examination of a financial institution or affiliate if the examiner was employed by the financial institution or affiliate within the past 12 months.
- Please review the FRB Employee Code of Conduct to ensure there are no major issues related to your previous employment and current financial interests. (The Code is available at XXXXX.)
- FRB ethics rules generally prohibit employees and their immediate families from owning investments in banks, savings associations or their holding companies (Section 5.3). Additionally, employees engaged in Supervision and Regulation may be subject to borrowing and deposit restrictions. These employees may need to recuse themselves from certain supervisory work based on:
- Their borrowing relationships (Appendix B Parts I.1, II.1 and II.2)
- If a financial institution or service provider employs a member of the employee’s immediate family (i.e. spouse, child, parent, or sibling) (Appendix B Part I.3 and Part II.3)
- If the individual was employed by the financial institution, service provider or affiliate within the past 12 months (Appendix B Part I.3 and II.3).
- In certain cases, the recusal may be so extensive it could materially reduce the effectiveness of the prospective employee
- Selected candidate is subject to special background check procedures
- Job title and salary offered will be based on the job responsibilities and the individual’s knowledge, skills, and experience as defined in the job qualifications/experience.
- Posting Eligibility: Posting open to current employees of the Board of Governors of the Federal Reserve System and Federal Reserve Banks, and qualified external candidates.
This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).
The Federal Reserve Bank of Atlanta is an equal opportunity employer.
Full Time / Part Time: Full time
Regular / Temporary: Regular
Job Exempt (Yes / No): Yes
Job Category: Bank Examination
Work Shift: First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.