Cyber Security Risk Specialist

Company: Federal Reserve Bank of Cleveland ( Learn More )

General Information
US-OH-Cleveland
N/A
Not Specified
Full-Time
Not Specified
Up to 25%
False
False
Job Description The Federal Reserve Bank of Cleveland is part of the nation's central bank. We have provided many opportunities for professional growth during our history.

For eighteen years in a row, we have been named "One of Northeast Ohio's Best Places to Work" by North Coast 99. This prestigious award honors organizations with outstanding employment practices, including compensation, benefits, training, recruitment, retention, community services, and employee communications.

At our state-of-the-art Cleveland Office we are seeking innovative thinkers with vision to build the framework that will carry the Bank into the future. Join our team!
 
Cyber Security Risk Specialist
Bank Supervision
Operations Risk & Resiliency
 
The Cyber Security Risk Specialist will conduct cyber security risk management examinations primarily for large/complex financial institutions (FIs) and significant service providers (SSPs) under our supervisory authority. This specialist will serve as a Federal Reserve System subject matter expert. This specialist will be responsible for assessing FI/SSP cyber security and operations risk management programs, information technology operations, and management information systems to ensure they are operating in a safe and sound manner and complying with applicable banking laws, regulations, and policy statements. This specialist will lead and / or participate on national examinations for information security and cyber security, including assessing business resiliency and vendor risk management.
 
Essential Job Responsibilities
 
• Leads or participates on cyber security examinations to determine the effectiveness of a FIs and SSPs cyber security program and validate their remediation efforts of identified issues.
 
• Leads or participates on Federal Reserve System and local cyber security initiatives related to training, committees and development of policy statements to enhance the supervision of FIs and SSPs.
 
• Perform continuous monitoring across the FI and SSP portfolio to understand micro (institution specific), horizontal (industry wide/peer), and macro (financial system supervision) cybersecurity risks.
 
• Prepares informative, well supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings and required actions to senior management and board of directors.
 
• Prepare supervisory plans for relevant and effective risk based supervision factoring in the size and complexity of the target firm.
 
• Prepares and delivers written analyses and presentations on FI and SSP specific and industry trends or emerging risk.
 
• Analyze information and determine an estimated risk and potential impact to the financial institutions and financial services industry.
 
• Develop and maintain ongoing relationships with supervisory personnel at the Board of Governors and Reserve Banks, across other regulatory agencies, as well as senior management and directors of FIs and SSPs to ensure strong communication of supervisory expectations.
 
• Maintain a global awareness of relevant regulations, laws, emerging issues, trends, and ongoing developments in the financial service

Job RequirementsEducation and Experience
 
• A minimum of 5 years of direct work experience with auditing or managing security and technical controls using industry standard frameworks such as FFIEC, NIST, SANS, and ISO.
 

• Bachelor’s degree in computer science or related field.

• Currently holds an industry recognized information security certification (e.g., CISSP, CISA, CEH and / or vendor certifications).

• Experience working in regulatory/government agencies or financial services is ideal.

• Regulatory Agency Examiner Commission is preferred but not required.

Knowledge and Skills
 
• Advanced knowledge in information security/cyber security, risk management, end point and server technologies, network management/architecture, intrusion detection and prevention systems, vulnerability/pen testing management, and patch management systems. This individual serves as a subject matter expert within these areas.
 
• Ability to evaluate an institutions’ information security program and provide expert advice on its ability to identify, protect, respond, and recover from business disruptions.
 
• Ability to analyze threat intelligence reports to identify vulnerabilities, understand how they could be exploited, and the potential impact to the financial industry.
 
• Critical thinking and decision making abilities. The ideal candidate makes good decisions based on a mixture of analysis, wisdom, experience and judgment.
 
• Strong analytical, written and oral communication including strong presentation and negotiation skills in dealing with all levels of management, boards of directors and other regulatory agencies.
 
• Sound analysis, problem solving and judgment skills. The ideal candidate is sought out by others for advice and solutions due to their expertise. Further, the ideal candidate recommends solutions and suggestions that turn out to be accurate when judged over time.
 
• Strong time management skills and ability to prioritize multiple work streams. • Ability to work on cross-functional teams with various stakeholders on assignments under tight deadlines.
 
• Ability to understand and translate complex technical issues into business implications for technical and business representatives.
 
• Maintains ongoing awareness of current and emerging information regarding security threats, techniques and landscape.
 
Other Requirements • Up to 75% overnight travel during the course of the year. Travel may be to various locations throughout the U.S.
 
• PLEASE NOTE: This position requires access to confidential supervisory information, access to which is limited to "Protected Individuals" as defined by regulation of the Board of Governors of the Federal Reserve System. Protected Individuals include, but are not limited to, U.S. Citizens, U.S. Nationals, and lawful permanent resident aliens (also known as "green card holders") but do not include (i) a permanent resident alien who fails to apply for naturalization within six months of the date the alien first becomes eligible to apply for naturalization and (ii) an alien who has applied on a timely basis, but has not been naturalized as a citizen within 2 years after the date of the application, unless the alien can establish that the alien is actively pursuing naturalization. If you are selected for an interview, you will be required to present documentation of your eligibility prior to the interview. • Applicants selected will be subject to a security investigation and need the ability to obtain and maintain US Security Clearance.