, , , , , ,

Information Security Risk Analyst/Associate Analyst

Requisition #250458

As part of the nation’s central bank, the Federal Reserve Bank of Richmond is committed to strengthening the economy and our communities. It’s a big job, and that’s why we need a variety of talented, results-driven professionals who care about making a difference. Sound like a challenge? You bet it is. That’s why three important values inspire our culture: Serve with integrity. Lead with courage. Perform with excellence.

At the Richmond Fed, our goal is not just to be an employer of choice; we want to be your employer of choice. One of the ways we do that is by offering a total rewards portfolio that includes more than compensation. At the Richmond Fed, total rewards includes thrift and retirement plans, a generous paid time off, health and wellness benefits, insurance to protect you and your loved ones, work/life offerings, and a variety of professional development opportunities.

The Information Security team hiring a IS Risk Analyst/Senior depending on level of experience. This team member of the Cyber Security Risk Management team is responsible for developing, maintaining and coordinating Fifth District information security activities related to Governance, Risk and Compliance (GRC) in support of the Bank’s information security program. Provides technical risk management and compliance services and support to National and Fifth District Lines of Business. Provides information security consulting and support to all levels of Bank management in support of the information security program.

Special Considerations:

Candidate should review the FRB Employee Code of Conduct to ensure compliance with issues related to previous employment and prohibited financial interests. The Code is available on the About Us, Careers webpage at http://www.richmondfed.o; the relevant sections are 5.3 and Appendix B, Parts I, II and III). ****Sponsorship is not available for this position.

Apply on line at

*** The deadline for applying on line is 5:00PM May 30, 2017

*** The hiring range for the IS Security Risk Analyst Associate $48,000-$60,000 annually

*** The hiring range for IS Risk Analyst $60,000-$75,000 annually

*** Salary offered will be based on the job responsibilities and the individual’s knowledge, skills and experience as defined in the job description

*** Selected candidate subject to special background check procedures

**** Selected candidate will be required to obtain the Security Assurance for the Federal Reserve (SAFR) certification within one year of hire.

Essential Job Responsibilities (include but are not limited to the following):

Delivers support for the Security Assurance for the Federal Reserve (SAFR) program based on NIST controls. Consults with information systems owners to categorize systems; select, implement and assess controls; and frame, assess and monitor risk. Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions and catalog remediation actions.

Utilizes automated Governance, Risk and Compliance tools to track artifacts of the risk management lifecycle.

Responsible for information security preparedness, policies, practices, and identifying and mitigating information security risks to applications, systems, infrastructure, and data on behalf of Fifth District and National Product Office business areas.

Enforces information security policies and procedures by administering, and monitoring security reports; reviews SAFR documentation; and investigates possible security exceptions.

Provides consultation and facilitation support services to Fifth District and National Product Offices in information security matters, compliance with the Security Assurance for the Federal Reserve (SAFR) policy and other control mechanisms used by the Bank.

Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments.

Participate in IT security assessment of supplier (3rd party vendors and cloud services) and develop recommendations to improve security and mitigate security risks.

Delivers information risk management services including risk assessments (ARAPS) for new and existing Information Technology (IT) automation products and projects

Defines and maintains information security non-compliance (exception) review and approval processes; provides recommendations on information security non-compliance situations.

Assists in the execution of SOX (COSO) compliance activities by testing, collecting, and reporting results to management.