• FedNow Cyber Security Analyst

    Federal Reserve Bank (Boston, MA)


    Company

     

    Federal Reserve Bank of Boston

     

    Federal Reserve Financial Services (FRFS) delivers a suite of payments services to financial institutions via FedLine® Solutions, FedNowSM, Fedwire®, National Settlement Service (NSS), FedCash®, FedACH® (Automated Clearing House), and Check Services. We are currently leading a strategic effort to transform FRFS to a national, enterprise-focused organization. Through our evolved structure, we will meet the needs of the marketplace for new products and services more quickly, seek to provide a more robust and unified customer experience across our financial service offerings, and create new career growth opportunities for FRFS staff.

     

    The Federal Reserve has developed a new interbank 24x7x365 real-time gross settlement (RTGS) service with integrated clearing functionality, called the FedNow Service. This service enables financial institutions to provide their customers with the ability to send and receive payments any time, any day, and have full access to those funds within seconds. This position is a unique opportunity to be part of this mission-critical Federal Reserve initiative that is transforming the payments landscape in the United States.

     

    The position will be primarily on-site with residency commutable to one of our offices required.

     

    This position is responsible for developing and maintaining cybersecurity risk and compliance and operational activities for the FedNow service. The Cyber Security Analyst position reports to the Cyber Sr Risk Manager.

    Key Responsibilities

    + Develop, update, and maintain FedNow security compliance documentation based on Federal Reserve information security framework and standards. This includes executing security activities based on NIST frameworks and related assessment activities for FedNow information systems.As required, develop and implement additional guidelines and processes tailored specifically for FedNow implementation of security requirements. Provide operational support following implementation.

    + Assist in designing and managing continuous monitoring activities, favoring automation of controls where possible, to ensure the FedNow environment operates within an acceptable risk threshold at all times. Develop, gather, and contribute to data driven performance and risk indicators related to compliance and operational activities as relates to the overall security posture.

    + Execute periodic compliance certifications and reviews as relates to continuous monitoring requirements. Analyze and address access compliance gaps identified during reviews and help develop solutions to avoid future gaps as needed.

    + Manage operational activities related to user security training, background screening and user identity and access management,user role reviews and updates, providing oversight and compliance with access management guidelines for scoped technologies. As required, support on-call rotational responsibilities for elevated access management.

    + Provide expert security recommendations and consultation to FedNow business and technology teams to aid in risk management and compliance activities and the interpretation, application and adherence of information security policies for the FedNow service.

    + Manage security testing calendar: schedule and coordinate periodic security testing engagements such as annual security continuous monitoring testing, penetration testing, and other applicable testing engagements. Assist in coordinating and documenting testing scope and providing required access, evidence and follow-ups. As required, coordinate and managesecurity findingsto resolution.

    + Assist in supporting audit requests and activities including coordinating audit evidence gathering and submission during audit engagements. This may involve independent evidence gathering or collaborating with various team members in obtaining information to satisfy audit request. Post-audit, manage audit findings through control gap management processes and full closure of control gaps.

    + Continuouslyassist the broader security team in identifying process and control improvements through escalating discovered control gap patterns andimplementingrelevant process improvements as required.

    Knowledge,** **Skills** **and Experience Required

    + Knowledge and experience normally acquired through, or equivalent to, the completion of a Bachelor’s degree and a minimum of 3-5 years of job-related experience.

    + Possess knowledge of risk management principles and industry-standard security risk management frameworks (e.g. NIST, ISO, FedRAMP).

    + Appropriate industry certifications such as the CISSP, CRISC, and/or CCSPis highly desirable.If not already possessed, internal security certification must be obtained once role started.

    + Proven ability to prioritize, reprioritize and demonstratesappropriate agility to manage competing and sometimes conflicting priorities.

    + Proven team management and project management skills requiredto lead/direct technical and business teams to achieve common goals.

    + Abilityto flexibly adapt to a rapidly changing environment and generate effective and innovative solutions to address change.

    + Experience working with the Agile framework is highly desirable.

    + Strong oral and written communication skills.

    + Self-starter and ability to explore and learn new areas and concepts.

    Supervision

    + This position will not directly superviseemployees.

    Other Considerations

    + Periodic Travel within U.S. may be required – 10-15% of time

    + This role may requires being on-call on a rotational basis, to address urgent issues outside of regular business hours.

     

    _The Federal Reserve Bank of Boston is committed to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service._

     

    _All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five_ _years._

     

    _For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks._

     

    _The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior_ _employers._

     

    _All applicants must have resided in the United States for at least three (3) years._

     

    Full Time / Part Time

     

    Full time

     

    Regular / Temporary

     

    Regular

     

    Job Exempt (Yes / No)

     

    Yes

     

    Job Category

     

    Information Technology Family Group

     

    Work Shift

     

    First (United States of America)

     

    _The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences._

     

    Always verify and apply to jobs on Federal Reserve System Careers ( https://rb.wd5.myworkdayjobs.com/FRS ) or through verified Federal Reserve Bank social media channels.

     

    Privacy Notice (https://www.kansascityfed.org/documents/7797/Workday\_Privacy\_Notice.pdf)