IT Risk Management Analyst

25 Jul 2024
Pennsylvania, Philadelphia, 19113 Philadelphia USA

Reference #: R-0000024708

Company: Federal Reserve Bank of Philadelphia

The Federal Reserve Bank of Philadelphia is one of the 12 regional Reserve Banks that, together with the Board of Governors in Washington, D.C., make up the Federal Reserve System. It helps formulate and implement monetary policy, supervises banks and bank and savings and loan holding companies, and provides financial services to depository institutions and the federal government. The Federal Reserve Bank of Philadelphia serves eastern and central Pennsylvania, southern New Jersey, and Delaware.

Job Summary:

In the Analyst position an incumbent will apply comprehensive knowledge of information security and technology to oversee and execute all risk management program activities for the department in a highly effective manner. Lead or participate in management discussions and through department, Reserve Bank, and Board of Governors (BOG) work teams with a risk management focus, recommend and implement solutions, track and resolve issues, and keep work teams and project sponsors informed. Apply comprehensive knowledge of the SRC business line and coordinate all business-specific compliance with the Board Information Security Program (BISP) and Security Assurance for the Federal Reserve (SAFR) policies.

What You Will Do:

Primarily responsible for all compliance activities under the BISP including but not limited to:

Reviews Federal Information Security Management Act (FISMA) controls for every BISP asset annually.

Provides evidence from the data owner on compliance and attaches it to the necessary/pertinent controls.

Performs rework as clarifications or inconsistencies are identified by the BOG or other IT departments.

Works with business owner(s) and data owner to address exceptions and risk issues that are generated from a vulnerability or audit finding.

Coordinates conversations and risk management activities between SRC staff, local Information Security, and BOG representation regarding new assets.

Updates the BOG BISP repository to add required information from developers and data owners.

Reviews all SAFR assets and controls for the department and ensures that all required supporting documentation is gathered and accurate.

Partners with Information Security to document required risk assessment for special software needs and other use cases.

Ensures compliance with BOG Administrative Directive (AD) security-related letters, including additional protections for SRC Confidential Information, tracking of Confidential Supervisory Information (CSI) eligibility/access, and file cleansing.

Develops and implements strategies to analyze role-based security model for SRC to introduce simplicity and logic into access provisioning.

Coordinates Philadelphia SRC security access and tool reviews at required frequency.

Oversees FedIdentity tool requests.

Partners with AMP to resolve issues, process requests, and provide open work updates to SRC management.

Partners with local Information Security to ensure prompt and accurate reporting of security incidents for Philadelphia SRC staff.

Prevents unauthorized access to FRS and System resources caused by staffing changes.

Advises management on the timing of Enhanced Data Loss Protection (DLP) and other risk mitigation tool usage.

Conducts security orientation and specific refresher trainings as requested.

Maintains the department's Access Request Center and ensures that the group mailbox contains all documentation supporting security changes and responses from management about access reviews, SharePoint site reviews, and so on.

Responsible for coordinating all National Information Center and Securities Evaluation Services Investor Tools access requests/changes.

Ensures completion of required Annual Security Matters training, quarterly Phishing class when applicable, and other special security topic training.

Serves as the department subject matter expert on storing and handling CSI.

Acts as a liaison with local Information Security on all activities.

Produces and maintains documentation for operational processes and procedures.

Fulfills job duties and responsibilities in conformance with sound safety practices.

Complies with all applicable information security policies, guidelines, and practices.

Performs other duties as assigned.

What You Have:

Knowledge and Skills:

Excellent ability to articulate and organize information that effectively communicates issues to employees at all levels, both verbally and in writing.

Expert level analytical, creative problem-solving skills, and advanced critical thinking skills to troubleshoot and research risks and vulnerabilities.

Ability to defuse conflict, build consensus and transfer technical knowledge.

Ability to find root-cause of issues and warning signs of potential problems.

Strong time management, interpersonal, and leadership skills.

Demonstrated multitasking skills and possess an organized approach to work.

Strong knowledge of various applications and can quickly learn new technology.

Awareness of current issues affecting the industry and its technologies.

Must be proficient with task delegation and follow up across any team.

Preferred knowledge of the SRC Department, CSI, and access needed for each unit.

Education and Experience:

Bachelor's degree with a concentration in Security or IT - or a minimum of 7 years of significant work experience in IT and/or IT project management is required.

Strongly preferred information security certifications include CISSP, ISSP, BISP, and SAFR.

Must have strong experience with application security and authentication methods.

Preferred knowledge of the FISMA.

Experience with FRS security products including but not limited to: DLP, sDLP, Titus (Outlook plug-in), Symantec, Network Access Control, Ironkeys, IntraLinks, Transport Layer Security, and ZixMailManagerial are desirable.

Experience serving as a mentor and providing constructive feedback to staff.

Experience recognizing and properly handling confidential and sensitive information.

Experience presenting findings and assessments concerning highly complex supervisory matters, institutions, and inquiries.

Other Requirements:

Applicants must be able to provide work authorization to prove their eligibility to work in the United States. An applicant for employment also must be a U.S. Citizen, U.S. National, or hold permanent resident status with intent to become a U.S. Citizen.

Some travel required, up to 25%.

Note: This document indicates the general nature and level of work performed by employees within this position. An employee's responsibilities, tasks, and duties might differ from those outlined in the job description. The Federal Reserve Bank of Philadelphia reserves the right to modify the elements of this job description, as business needs require.

The salary grade for this position is: 15. Final salary and offer will be determined by the applicant's background, experience, and skills, and internal equity and alignment with market data.

We offer a great benefits package that features:

Medical (4 options), Prescription, Dental (3 options), and Vision Insurance with no waiting period

401k/Thrift Plan with generous employer match

Employer-funded Pension Plan

Paid Vacation/Sick Time & Holidays

Monthly $100 Commuter Allowance

Flexible Spending Accounts and Healthcare Spending Accounts

Flexible Work Schedule available in most departments

Life Insurance and Long Term Disability Insurance

Tuition Reimburseme
