Information Security Risk Assessment Lead
The Federal Reserve Bank of New York works within the Federal Reserve System and with other public and private sector institutions to foster the safety, soundness and vitality of our economic and financial systems. The Information Security group is responsible for executing initiatives and providing services that ensure the adequate protection of the organization's information assets in order to minimize the risks of disruption to our Nation’s critical economic and financial systems, and payment infrastructure.
Job Description:
- Provide information security subject matter expertise and consultations to payment and monetary policy instrumentation functions.
- Perform information security risk assessments and management including third party information technology assets based on the NIST framework.
- Support and conduct vulnerability analysis including penetration testing, threat modeling, secure code reviews, and red teaming.
- Support the incident response and intrusion detection program.
- Write technical reports based on assessment activities and results.
- Demonstrate experience in the area of risk and controls across various IT platforms including web, Cloud, applications, database, operating systems, infrastructure, and network security.
- Experienced in performing security risk assessments including external third party systems.
- Ability to understand and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate them into business risks. Be able to recommend security solutions and remediation.
- Experience in conducting vulnerability analysis including penetration testing, threat modeling, secure code reviews, and red teaming is a plus.
- Strong knowledge of the information security landscape, security solutions, and current and emerging security threats.
- Exceptional analytical, critical thinking and decision making skills.
- Ability to manage multiple projects and tasks simultaneously, and prioritize risk assessments and complete within defined time frames.
- Organized, self-motivated and able to work independently with minimal supervision.
- Relevant industry accepted security certifications (CISSP, CISA, CRISC, SANS, etc.) are a plus.
- Candidate must have a minimum of 5 years of experience in an information security role.
- Bachelor's Degree in a relevant field of work or equivalent work experience.
- Possession of or the ability to obtain and maintain national security clearance which requires U.S. Citizenship.
- Possession of or the ability to obtain CISSP or similar security certification.