hero



Sr./IT Security Analyst

Federal Reserve Bank of Minneapolis

Federal Reserve Bank of Minneapolis

IT
Multiple locations
Posted on Thursday, May 30, 2024

Company

Federal Reserve Bank of San FranciscoWe are the Federal Reserve Bank of San Francisco—public servants with a mission to advance the nation’s monetary, financial, and payment systems to build a stronger economy for all Americans. We are a community-engaged bank, and are committed to understanding and serving the vibrant, expansive communities of the Twelfth District. That means we seek and appreciate new perspectives. We respect people for what they do and for who they are. We build opportunities to learn and grow. When you join the SF Fed, you become part of a diverse team united in its purpose to promote an economy that works for everyone.

The Federal Reserve Bank of San Francisco is looking for a Sr./IT Security Analyst to join our Information Security team.

What we are looking for:
Our ideal candidate has a strong security approach, a background in Information Security Risk Management, and is confident providing cyber security advice to leaders all the way to the executive level. You should have the ability to partner with business partners to find solutions, be comfortable presenting to groups of varying sizes, have strong customer service and relationship building skills, and be able to build trust and influence with technical and non-technical partners. Overall, the ability to proactively drive solutions, effectively collaborate across many disciplines and businesses, and a strong commitment to supporting the mission of the Federal Reserve are a must.

What you will do:
In this role, you will perform at an advisory level and demonstrate your experience in Information Security Risk Management and Information Security to develop positive working relationships and collaborate with various District organizations to advise on all efforts related to “Security Assurance for the Federal Reserve” (SAFR) for internal technologies and external service providers.

You will work with the other members of the Risk Management and Assessment Function of the Information Security team to perform risk assessments, communicate and document information security risk, evaluate security controls, and assess the quality of security control documentation. You will work with business partners to collect relevant information for both on-premises systems and third-party systems. You will provide risk guidance to ensure that senior leadership understands the key risks in the systems they own and how accepted risk compares with the risk appetite of the organization.

We empower our people to balance their life and work responsibilities. That’s why we offer a flexible hybrid work model that allows you to collaborate with office colleagues on some days, and work from home on others.

Essential responsibilities:

The ideal candidate for this role will have the ability to blend and apply their technical, organizational, business, and cyber security abilities, to:

  • Support 12th District risk strategies, identify risks in Bank processes and technologies, and lead improvement initiatives to manage risk.
  • Serve as a domain expert on security policy in the 12th District and influence policy development at the Federal Reserve System level.
  • Support and advise partners on compliance with Bank and FRS security controls, policies, and procedures.
  • Establish and foster long-term relationships with partners and contacts in assigned business areas.
  • Drive education of process/control owners, so they better understand the controls framework and their operational responsibilities.
  • Evaluate and advise application development teams on Secure Cloud Development and Operations practices.
  • Understand technical implementation details necessary to assess security risk in Cloud and on-prem environments and recommend security control improvements or identify mitigating controls.
  • Perform complex analysis of security issues and advise business partners on solutions.
  • Partner with developers and business areas to understand their technical and business requirements and help enable them to do their work securely.
  • Evaluate external service providers to identify and communicate associated risks and identify shared security responsibility between the vendor and the Federal Reserve.
  • Prepare assessment reports to document assessment scope, procedures, findings, and recommendations; interpret the significance of assessment findings, conclude on findings, and make practical recommendations for remediation.
  • Communicate security risk and implications to partners at all levels, including executives.
  • Collaborate and influence work multi-functionally; navigate ambiguity while leading multiple projects simultaneously in a fast-paced, results-driven environment, accepting accountability of the process and delivering on commitments.

Requirements:

  • Bachelor’s degree in Computer Science/Cybersecurity, or related disciplines and/or equivalent work experience.
  • The IT Security Analyst role typically requires two or more years of experience in cybersecurity including security advising, security assessment, security architecture, and/or security engineering. The Sr. IT Security Analyst role typically requires five or more years of experience in cybersecurity including security advising, security assessment, security architecture, and/or security engineering.
  • Familiarity with NIST 800 special publications, FedRAMP, and other risk frameworks
  • Able to explain complex IT and data related issues to non-expert, non-IT staff and management in a manner that allows clear comprehension of the risk implications.
  • Understanding of Secure Cloud Development principles and practices with the ability to explain them to others and assess maturity of implementations.
  • Ability and willingness to work responsibly without direct supervision in a hybrid environment.
  • Excellent customer service, collaboration, interpersonal, and influencing skills.
  • Superb communication skills (written and verbal), critical thinking, analytical, and problem-solving skills.
  • Track record of taking initiative to address problems and make process improvements.
  • Self-starter with the ability to prioritize work and balance multiple projects and tasks simultaneously.
  • Exceptional consultative skills and a demonstrable ability to work effectively with business partners, internal management and staff, and vendors and consultants.
  • This position requires access to confidential supervisory information, which is limited to “Protected Individuals.” Protected Individuals include, but are not limited to, U.S. citizens and U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so or who will sign a declaration of intent to apply for naturalization before they begin employment.

Desired skills:

  • Meaningful industry certifications such as CISSP, CRISC, and/or CCSP. Cloud vendor specific certifications such as AWS Security Specialty and/or Azure Security Engineer Associate.

Base Salary Range for IT Security Analyst: Min: $97,600 - Mid: $126,800 - Max: $155,900(Location: San Francisco)
Base Salary Range for Sr. IT Security Analyst: Min: $113,600 - Mid: $147,600 - Max: $181,600(Location: San Francisco)

Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with market data.

We offer a wonderful benefits package including: Medical, Dental, Vision, Pre-tax Flexible Spending Account, Backup Child Care Program, Pre-Tax Day Care Flexible Spending Account, Paid Family Care Leave, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and Retirement/Pension.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. The SF Fed is an Equal Opportunity Employer.

#LI-Hybrid

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice