Cybersecurity Risk Analysis - Senior Associate, Supervision Group
The objectives of this unit are to:
• Establish and oversee the implementation of a sustainable risk-based cyber risk analysis capability to enhance the existing supervisory and regulatory practices;
• In collaboration with other FRB’s and the Board, influence and sustain a Risk Analysis Competency and Practice Methodology that will enable the Federal Reserve’s supervisory community to adequately identify, evaluate, monitor and measure systemic, current and emerging cybersecurity risks, trends and countermeasures impacting the financial services sector:
• Apply risk management methodologies and practices to evaluate, measure and prioritize financial sector cybersecurity risks;
• Identify supervisory topics for upcoming supervisory planning cycles;
• Develop a capability that harnesses data to assess financial system interconnectedness and the impact of cyber risks to the financial sector;
• Leveraging enhanced data analytics develop and maintain key measures and indicators to better understand cybersecurity risk from a firm and sector-wide perspectives;
• Provide analysis in response to FI cyber vulnerabilities; and
• Advise Supervisory staff on technically advanced Cybersecurity policy interpretations and supervisory matters.
• Build partnerships with other agencies including those within the domestic / international regulatory and intelligence community to establish a consistent cyberrisk assessment and monitoring approaches.
Individuals in this job family have exceptional analytical and decision making skills with expertise in cybersecurityrisks management, securityarchitectures and cyber controls and countermeasures. Additionally, candidates should have familiarity with data science concepts and practices in order to develop enhanced, data-driven analytics to support the Risk Analysis Competency.
• Assist with the implementation of the function’s methodology and practices for identifying, evaluating and prioritizing cyber risks across the financial sector and portfolios of firms.
• Apply expertise in both host and network architectures to ascertain the impact of an attack and analyze threat trends, mitigation techniques and countermeasures to better assess cyber risks.
• Develop data-driven analytics to enhance cross-firm analyses that provide insights in systemic, current and emerging cybersecurity risks and trends impacting supervised institutions and the sector as a whole.
• Conduct research using multiple data sources, perform analysis on financial sector risks and disseminate findings to both technical and non-technical audiences.
• Serve as a subject matter expert on identify, collect and maintain the necessary data to represent cybersecurity postures of financial market participants.
• Provide and share subject matter expertise of cyber risk management capabilities, emerging cyber risks, and cybersecurity risk management countermeasures, practices and tools.
• Recommend and design policy and standards to address top risks in the sector.
• Ability to apply knowledge of the financial industry regulation, guidance and supervisory practices to help influence and shape safe and sound cybersecurity risk management practices, countermeasures and controls.
• Coordinate and collaborate analytic efforts amongst supervisory and intelligence teams during a critical cyber event or crisis
• Produce analytics reports through repeatable, data-driven, quantitative methods using all available data to influence the direction of cyber policy.
• Develop relationships with subject matter experts and critical internal and external stakeholders in order to appropriately elicit the information required for the work and influence the outcome of resulting decisions.
• Communicate to supervisory leaders the conclusions and recommendations from risk analysis work.
• At a minimum, bachelor’s degree in business or IT related field. Preferred certifications include Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).
• 5+ year’s relevant information security and IT risk management experience
• Strong knowledge of current security threats, techniques, and landscape.
• Strong knowledge of and experience in addressing the security concerns facing large enterprises.
• Demonstrated ability in developing, implementing and executing cybersecurity risk assessments.
• Experience with data science concepts and methods to harness and analyze sets of heterogeneous data using analytical and visual tools to support data analytics and predictive modeling capabilities. In particular, prior experience with tools such as Python, R and/or
data link-analysis and visualization technologies.
• Ability to understand and synthesize technical issues to both technical and business representatives.
• Ability to think outside of the box and to learn new approaches to modeling problems with a focus on the practical application of the results.
• Team player with excellent consultative, communication, writing and project management skills.
• Ability to obtain and maintain US Security Clearance.
This position requires access to confidential supervisory information, which is limited to "Protected Individuals" as defined in the U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so.
The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.