Information Security Specialist

Federal Reserve Bank of Minneapolis

Federal Reserve Bank of Minneapolis

Multiple locations
Posted on Wednesday, May 22, 2024


Federal Reserve Bank of Kansas CityThe Federal Reserve Bank of Kansas City is seeking an Information Security Specialist to provide security risk monitoring, analysis, and ongoing assurance activities. Responsibilities include enabling and facilitating an understanding and of the Federal Reserve System information security policies and related requirements. They also take organizational practices and align these practices with security industry best practices. You will be involved in a mixture of project work and operational services, including consulting and subject matter expertise to internal information technology (IT) and business customers.

Candidates with expertise in NIST 800-53, Artificial Intelligence, or FAIR risk assessment methodologies will be highly fulfilled in this role.

Key Activities:

  • Develops and maintains the information security posture (rules, controls, security safeguards, etc.) to protect the Bank’s information assets.

  • Analyzes, documents, and communicates risks using the Security Assurance for the Federal Reserve (SAFR) risk management process.

  • Plans, develops, and delivers initiatives that promote sound cyber security practices to include creation and delivery of training (general, business-specific, etc.). Evaluates programs for effectiveness and improvement.

  • Analyzes the results of assessments, compliance activities, etc., then reports on the results and provides remediation recommendations.

  • Determines asset risk levels, coordinates the development of a security plans, and generates a security packages.

  • Reports on compliance and policy exceptions. Maintains non-compliance risk acceptance reviews and facilitates an approval process; provides recommendations on non-compliance situations and monitors their delivery.

  • Provides input to the NIST Risk Management Framework (RMF) process activities and related documentation such as system lifecycle support plans, operational procedures, training materials, etc.

  • Participates in supplier assessments such as third-party vendors, cloud services, etc. by evaluating responses against required controls to identify gaps.

  • Assist with information risk management services including risk assessments (SAFR) for new and existing Information Technology (IT) automation products and projects.

  • Enforces information security policies and procedures by creating security reports; reviews information security policy documentation; and investigates possible security exceptions.

  • Defines and maintains information security non-compliance (risk acceptance) review and approval processes; provides recommendations on information security noncompliance situations.

  • Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments.

  • Provides guidance and training to less experienced staff performing various activities.

  • Assists with the security communications, education and outreach programs. Helps plan, develop, and deliver initiatives that promote sound information security practices including the creation and delivery of specialized business-specific security awareness training.

  • May participate in organization-wide and/or local workgroups to identify security issues and vulnerabilities, assess risks, and determine feasible alternatives and costs.


  • Typically requires at least 3 years of relevant IT experience.

  • High school education or GED. Associate’s degree specializing in an information technology field from an accredited college or university or technical school, or equivalent combination of directly related education and/or experience preferred.

  • Industry recognized security certifications such as CISSP, CISM, CISA, AWS Security and others are preferred.

  • Experience leading or assisting with cyber security risk assessments or cyber security related initiatives/projects.

  • Experience with risk-based control assessment methodologies.

  • Experience developing assessment reports that effectively and concisely communicate results and risks to a variety of stakeholders.

  • Familiarity with Federal Information Security Modernization Act (FISMA), FedRAMP, and other NIST 800 publications.

  • Demonstrated ability to lead multiple projects simultaneously and to work in a highly dynamic, rapidly changing environment.

  • Excellent interpersonal, communication, organizational, and analytical skills.

  • Excellent consultative skills and the proven ability to work effectively with business partners, internal management and staff, vendors, and consultants.

  • Works under direction; follows established methods and policy. Makes decisions when general instructions or established methods indicate an action to be taken.


  • Hybrid – Kansas City, Denver, Omaha, Oklahoma City

  • Remote Eligible – No

Screening Requirements:

  • This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and can take up to a couple of months to be completed. You can begin work before the screening is completed; however, continued employment is contingent on acceptable screening results. The areas screened may include education/employment verification, criminal history, credit history, and reference checks.

  • United States citizenship is required for this position.


  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

About Us:

Follow us on LinkedIn, Instagram, X (formerly Twitter), and YouTube

Full Time / Part Time

Full time

Regular / Temporary


Job Exempt (Yes / No)


Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice