Cyber Security Risk Assessment and Management Officer – Information Security – Technology Group-256234
Federal Reserve Bank of New York
NY-New York City
Full-time / Part-time
Yes, 15 % of the Time
Work Hours 8-5
Principle Duties and Responsibilities:
The information security manager leads a team that develops, executes, and enhances the Bank's cyber security risk assessment and management program. The position resides in the Information Security Function and reports to the Head of the Risk Assessment and Management Department. Specifically, the role will be responsible for leading and overseeing:
- 3rd party cyber risk management frameworks, processes, and assessments, and;
- Process-driven cyber security assessments that assess cyber security across organizational boundaries for a full end-to-end view.
The role will work with other leaders and areas within the Information Security Function to integrate and rationalize these services with the objective of providing a comprehensive and seamless process to the Bank and business areas. The role will also be someone who has a very strong understanding of information security fundamentals, the threat landscape, and how those apply to the risk posture of business processes. The role will need to be very capable at explaining technical issues to wide spectrum of audiences, both technical and non-technical.
The role will work with Risk Assessment and Management leadership team to promote a healthy culture of security risk management throughout the Bank, and support the objectives of the different risk assessment teams to ensure mutual success.
Required Technical Skills:
- Experienced in leading security teams in a large organization to carry out security assessment and management activities including execution of activities, resource planning, and escalation management.
- Lead and manage the development, implementation and enforcement of security policy, guidelines and procedures to ensure ongoing maintenance of security.
- Strong understanding of industry standard information security control frameworks, particularly with respect to third party cyber risk.
- Advise and educate IT teams on emerging vulnerabilities and mitigation tactics. Demonstrate experience in the area of risk and controls across various IT platforms including web, Cloud, applications, database, operating systems, infrastructure, and network security.
- Create and report cyber security metrics with respect to risk assessment and management activities that inform on cyber risk posture, leveraging industry standards and comparatives that then act as an input into the Bank's cyber risk management process.
- Experienced in performing security risk assessments including external third party systems and providers.
- Ability to understand, and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate into business risks. Be able to recommend security solutions and remediation.
- Experience working with results generated from vulnerability analyses, penetration testing, threat modeling, and secure code reviews.
- Strong knowledge of information security landscape, security solutions, and current and emerging security threats.
- Exceptional analytical, critical thinking and decision making skills.
- Ability to manage multiple projects and tasks simultaneously, and prioritize risk assessments and complete within defined time frames.
- Organized, self-motivated and able to work independently with minimal supervision.
- Relevant industry accepted security certifications (CISSP, CISA, CRISC, SANS, etc.) a plus
- Candidate must have a minimal 6-8 years of experience in leading an information security team.
- Possession of or the ability to obtain U.S. Government Security Clearance, which includes U.S. Citizenship
- Bachelor's Degree in a relevant field of work or equivalent work experience
- Possession of or the ability to obtain and maintain national security clearance
- Possession of or the ability to obtain CISSP or similar security certification