Senior Cybersecurity Third Party Risk Analyst - Atlanta, United States - Federal Reserve System

    Federal Reserve System
    Federal Reserve System Atlanta, United States

    Found in: Talent US C2 - 2 weeks ago

    Default job background
    Full time
    Description

    Company

    Federal Reserve Bank of AtlantaAs an employee of the Atlanta Fed, you will help support our mission of promoting the stability and efficiency of the U.S. economy and financial system. Your work will affect the economy of the Southeast, the United States, and the world. The work we do here is important, and how we do it is just as important as what we do. We live our values of integrity, excellence, and respect every day. We do the right thing, we do things right, and we treat people right. A career at the Federal Reserve Bank of Atlanta gives you the chance to do work that touches lives and helps communities prosper.

    We are a dynamic hybrid workplace environment that requires at least 2 days a week in the office.

    PositionSummary:

    Under limited supervision, responsible for developing and implementing systems and processes to protect the Bank's information resources.Proactivelyresearchesandgathersinformationsecurityintelligenceandbestpracticestoaddressemergingsecurityneeds. Acts as a subject matter expert and senior consultant to business clients and department management on matters of cybersecurity third- party risk. Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks. Contributes to objectives that support Department Strategic Goals. Generally, acts in either an assurance or operational capacity. This position reports to the Third Party Risk Management Manger.

    Key Responsibilities:

  • Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices.
  • Perform in-depth cybersecurity risk assessments; assessing the security stance of third-party entities, detecting vulnerabilities and areas of noncompliance; and develop mitigation strategies that are aligned to industry standards.
  • Leverage intelligence, industry best practices (NIST CSF) and the regulatory landscape (such as GDPR, SEC, and FFIEC) to ensure a rounded assessment of the security risk posed to the District.
  • Support contractual reviews for new and existing suppliers advising and recommending security clauses for contractual agreements.
  • Create and present detailed high-quality risk reports, clearly articulating risk findings with recommendations, and maintains a comprehensive inventory of risk assessments and related documentation.
  • Coordinate third party risk management activities, including communicating with vendors about cybersecurity zero day vulnerabilities.
  • Key participant in strategic planning activities, cybersecurity projects, or District or System priorities, including workgroups and initiatives as requested.
  • Collaborates, as appropriate with Enterprise Risk Management, Legal, Procurement, and other risk functions to maintain an Enterprise Third Party Risk Management Program
  • Key participant in the development and enhancement of processes and procedures for the of the Cybersecurity Third Party Risk Management program, including, due diligence activities, continuous monitoring, and frameworks to enhance the efficiency and effectiveness of the overall program.
  • Serves as a subject matter expert (SME) for providing oversight of platform implementation, and development and optimization to improve overall vendor risk posture.
  • Understanding business needs and dedicated to delivering high-quality, prompt, and efficient service.
  • Knowledge of relevant regulations, standards, and frameworks related to third party risk management such as NIST 800-53, NIST CSF, NIST RMF, SEC, GDPR, FedRamp, FAIR methodology, and other industry specific frameworks.

    • Education: Bachelor's degree in computer science,Cyber Security, Information Technology, InformationSystems,orotherrelatedfield,OR in lieu of s Bachelor's degree, an additional 2 years of relevant work experience is required.

    Experience: 5 yearsofInformationSecurityorITauditexperiencepreferred.Experienceinvendorriskmanagement, cyber risk, procurement, enterprise risk management.

    Qualifications:

  • Cybersecurity Risk Frameworks
  • AWS & Azure Cloud Environments
  • SSAE 16 Security Compliance
  • FAIR Framework
  • Key Risk Indicators
  • Vendor Risk Management Tools
  • Continuous Monitoring Tools
  • Cybersecurity Risk Quantification Tools
  • Automated Workflow Management
  • Preferred Certifications: CTPRP, CRISC, CISM, CISA

    • Our total rewards program offers benefits that are the best fit for you at every stage of your career:

  • Comprehensive healthcare options (Medical, Dental, and Vision)
  • 401K match, and a fully funded pension plan
  • Paid vacation and holidays; flexible work environment
  • Generously subsidized public transportation
  • Annual tuition reimbursement
  • Professional development programs, training and conferences
  • And more...

    • Full Time / Part Time

    Full time

    Regular / Temporary

    Regular

    Job Exempt (Yes / No)

    Yes

    Job Category

    Work Shift

    First (United States of America)