Info Security Analyst, Advanced Job at Federal Reserve Bank (FRB), Minneapolis, MN

  • Federal Reserve Bank (FRB)
  • Minneapolis, MN

Job Description

Company

Federal Reserve Bank of Minneapolis

The Federal Reserve Bank of Minneapolis is looking for a dynamic and enthusiastic Information Security Analyst to join our Information Security Governance, Risk & Compliance team.

As an Information Security Analyst, you will provide expertise to business and technology stakeholders in your role supporting cyber risk management activities throughout the Bank. Ideal candidates will have had previous experience with information security control and risk management frameworks such as NIST 800-53 and NIST 800-37. If you are a self-starter with a passion for identifying and assessing risks, and approaching mitigation from a holistic perspective, this position is for you.

This is not a remote position. The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person.

Onsite work is an essential function of this position, and you are expected to be in the office at least one day per week for meetings and team collaboration.

Application deadline: 12/12/2024

Ensure that applicable IT security policies are implemented for assigned information systems and boundaries.

  • Ensure that applicable security risk management activities prescribed by the Bank’s risk management framework (e.g. SAFR Lifecycle) are followed including:

  • Provide guidance and expertise to effectively categorize information and information systems to ensure impact levels for the security objectives of Confidentiality, Integrity, and Availability are aligned appropriately. 

  • Support development and implementation of System Security Plans (SSPs) including selection of controls and development of related artifacts, control procedures or related specification documents. 

  • Perform and/or facilitate assessment activities to validate security controls are implemented correctly, operating as intended, and producing the desired outcomes.

  • Ensure that applicable requirements for Information Security Continuous Monitoring are followed including:

  • Completing annual Security Assessments and Authorizations as well as assessments whenever there are significant changes to the information system.

  • Ensure that operational continuous monitoring plans are maintained and executed as part of the System Security Plan (SSP).

  • Ensure the execution of risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.

  • Ensure that all Risk Acceptances and Plan of Action and Milestones (POA&Ms) are created, reviewed, and reported to key stakeholders such as the System Owner and Authorizing Official (AO).

    • Coordinate with the System Owner to update the SSP, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.

    • Ensure that all security documentation (e.g. System Security Plan, Contingency Plan, Configuration Management Plan, etc.) is properly maintained, approved, updated, and compliant with security program requirements.

    • Support refinement of the Information Security team backlog, as needed, ensuring clear requirements alignment in support of the team’s mission or objective.

    • Support project initiatives by gathering, analyzing, and capturing input from customers, partners or stakeholders and synthesizing into clear and actionable requirements (user stories) for prioritization and execution.

    • Collaborate with business and technology teams on projects and key initiatives to ensure that security requirements are communicated and addressed throughout the project life cycle. Provide education to staff on applicable policies, procedures, and standards.

    • Collaborate with junior team members and assist with mentoring on risk assessment processes and documentation.

    • Identify, assess, track and report on IT/Security risks across the enterprise. Track risk decisions and remediation plans. Work closely with Enterprise Risk to communicate risks to both technical and non-technical audiences.

    • Conduct research and analysis on relevant security topics and prepare written or verbal reports or presentations for stakeholders and management.

Qualifications for Information Security Analyst, Advanced:

Bachelor’s degree in computer science, information security or a related field and nine (9) years of broad technical experience within IT or cybersecurity.

Qualifications for Information Security Analyst, Senior:

Bachelor’s degree in computer science, information security or a related field and six (6) years of broad technical experience within IT or cybersecurity.

Applicable at both levels:

  • Progressive experience with utilizing and applying NIST Cybersecurity Framework in addition to NIST security control, risk management and risk assessment frameworks and practices (e.g. 800-53, 800-37, 800-30) is preferred.

  • Experience in designing, implementing, supporting, or auditing security controls for operational information systems.

  • Experience in quantifying common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.

  • Experience in reviewing current security policies and procedures, providing recommendations for approval, and mentoring GRC team members to implement updated procedures.

  • Experience writing and communicating information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.

  • Experience working in an Enterprise Agile and DevSecOps environment is preferred.

  • Highly effective prioritization capabilities with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.

  • Highly effective organization, time management, and attention to detail

  • Highest commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.

  • Professional cybersecurity certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.

Additional Information:

Full Salary Range for Information Security Analyst, Advanced:

$106,900 - $133,684 - $160,400 Annual

Full Salary Range for Information Security Analyst, Senior:

$89,300 - $111,639 - $134,000 Annual

Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.

Our total rewards program offers benefits that are the best fit for you at every stage of your career: 

  • Comprehensive healthcare options (Medical, Dental, and Vision) 

  • 401(k) match, and a fully funded pension plan

  • Paid time off and holidays 

  • Free public transportation passes 

  • Annual educational assistance 

  • On-site fitness facility

  • Professional development programs, training, and conferences 

  • And more…

 ​

The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Always verify and apply to jobs on Federal Reserve System Careers () or through verified Federal Reserve Bank social media channels.

Job Tags

Holiday work, Permanent employment, Full time, Temporary work, Part time, Shift work, 1 day per week,
