Cybersecurity Risk Specialist - Federal Reserve Bank of New York New York, NY, USA Bookmark Share Print 1110 4 12

Listing Description

Please apply on our website: https://frb.taleo.net/careersection/2/jobdetail.ftl?job=265847

Working at the Federal Reserve Bank of New York positions you at the center of the financial world with a unique perspective on national and international markets and economies. You will work in an environment with a diverse group of experienced professionals to foster and support the safety, soundness, and vitality of our economic and financial systems. It is a challenge that demands the skills of a financial service professional and the intelligence of an academic—all combined with a passion for public service.

What we do:

The Financial Market Infrastructure Function in the Supervision Group examines systemically important Financial Market Utilities (FMU) and Service Providers (SP) domiciled in the Tri-state region. The FMU Risk team is one of five supervisory teams in the Function; its core mission is to identify and assess the effectiveness of supervised entities’ management of information technology, cybersecurity, operational and model risks, and develop cross-institutional perspectives on sound risk management practices in these risk disciplines.

Your role as Cybersecurity Risk Specialist:

You will conduct cybersecurity examinations for FMUs and SPs under our supervisory authority, and serve as a Federal Reserve System (FRS) cybersecurity expert. Given the complexity and systemic importance of the institutions we oversee, your work will involve close attention to firm-wide IT risk management practices. The responsibilities of the position include assessing FMU/SP cybersecurity risk management programs and associated management information systems for safety and soundness, and compliance with applicable banking laws, regulations, and policy statements. Your work will require close collaboration with different supervisory teams on examinations of information security and cybersecurity, including assessing operational resiliency and third-party risk management.

- Lead or participate on cybersecurity examinations and cross-firm horizontal reviews.

- Validate remediation of previously identified supervisory findings.

- Prepare informative, well-supported supervisory products and work papers.

- Perform monitoring across the FMU/SSP portfolio to understand micro (institution specific), horizontal (industry wide/peer), and macro (financial system) cybersecurity risks.

- Contribute to cross-firms and firm-specific supervisory analyses and products (e.g., annual assessments).

- Help develop supervisory plans for risk-based supervision factoring in the size and complexity of each firm.

- Prepare and provide written analyses and presentations on firm specific cybersecurity risks and industry trends.

- Develop and maintain ongoing relationships with supervisory personnel across the FRS and other regulatory agencies (SEC, CFTC, OCC, FDIC), and senior management at supervised entities to ensure strong lines of communication exist to convey supervisory expectations.

- Contribute to FRS cybersecurity programs related to development of policy statements for supervision of FMU/SSP.

- Maintain knowledge of the latest technologies, threats/vulnerabilities and risk management practices/techniques and its effects to the FMU and SSP ecosystem.

What we are looking for:

- 3+ years of direct work experience with auditing or managing security and technical controls using industry standard frameworks such as FFIEC, NIST, SANS, and ISO.

- Bachelor’s degree in computer science or related fields (e.g., cybersecurity, information technology, information systems, computer engineering)

- Familiarity with information/cybersecurity programs to provide advice on institutions' ability to identify, protect, respond, and recover from a cybersecurity incident.

- Strong analytical, written and oral communication skills.

- Experience communicating cybersecurity risks and concepts to non-technical audiences and senior management.

- Strong collaborator with experience working with multiple teams and partners.

- Expertise to analyze threat intelligence reports to identify vulnerabilities and assess firms’ capability to minimize their exploitation with potential impact to the financial services industry.

- Some experience dealing with different levels of management, boards of directors and regulatory agencies.

- An industry recognized information security certification (e.g., CISSP, CISA, Cloud Cert or vendor certifications) or interest in pursuing any of the listed certifications.Assessing FMU/SP cybersecurity risk management programs and associated management information systems for safety and soundness, and compliance with applicable banking laws, regulations, and policy statements.