This position is responsible for developing and maintaining cybersecurity risk and compliance and operational activities for the FedNow service. The Cyber Security Analyst position reports to the Cyber Sr Risk Manager.
Key Responsibilities
Develop, update, and maintain FedNow security compliance documentation based on Federal Reserve information security framework and standards. This includes executing security activities based on NIST frameworks and related assessment activities for FedNow information systems. As required, develop and implement additional guidelines and processes tailored specifically for FedNow implementation of security requirements. Provide operational support following implementation.
Assist in designing and managing continuous monitoring activities, favoring automation of controls where possible, to ensure the FedNow environment operates within an acceptable risk threshold at all times. Develop, gather, and contribute to data-driven performance and risk indicators related to compliance and operational activities as they relate to the overall security posture.
Execute periodic compliance certifications and reviews as they relate to continuous monitoring requirements. Analyze and address access compliance gaps identified during reviews and help develop solutions to avoid future gaps as needed.
Manage operational activities related to user security training, background screening, user identity and access management, and user role reviews and updates, providing oversight and compliance with access management guidelines for scoped technologies. As required, support on-call rotational responsibilities for elevated access management.
Provide expert security recommendations and consultation to FedNow business and technology teams to aid in risk management and compliance activities and the interpretation, application, and adherence of information security policies for the FedNow service.
Manage security testing calendar: schedule and coordinate periodic security testing engagements such as annual security continuous monitoring testing, penetration testing, and other applicable testing engagements. Assist in coordinating and documenting testing scope and providing required access, evidence, and follow-ups. As required, coordinate and manage security findings to resolution.
Assist in supporting audit requests and activities, including coordinating audit evidence gathering and submission during audit engagements. This may involve independent evidence gathering or collaborating with various team members in obtaining information to satisfy audit requests. Post-audit, manage audit findings through control gap management processes and full closure of control gaps.
Continuously assist the broader security team in identifying process and control improvements through escalating discovered control gap patterns and implementing relevant process improvements as required.
Knowledge, Skills, and Experience Required
Knowledge and experience normally acquired through or equivalent to the completion of a Bachelor's degree and a minimum of 3-5 years of job-related experience.
Possess knowledge of risk management principles and industry-standard security risk management frameworks (e.g., NIST, ISO, FedRAMP).
Appropriate industry certifications such as the CISSP, CRISC, and/or CCSP are highly desirable. If not already possessed, internal security certification must be obtained once the role has started.
Proven ability to prioritize, reprioritize, and demonstrate appropriate agility to manage competing and sometimes conflicting priorities.
Proven team management and project management skills to lead/direct technical and business teams to achieve common goals.
Ability to flexibly adapt to a rapidly changing environment and generate effective and innovative solutions to address change.
Experience working with the Agile framework is highly desirable.
Strong oral and written communication skills.
Self-starter and ability to explore and learn new areas and concepts.
Supervision
This position will not directly supervise employees.
Other Considerations
Periodic Travel within U.S. may be 10-15% of time
This role may require being on-call on a rotational basis to address urgent issues outside of regular business hours.
The Federal Reserve Bank of Boston is committed to providing equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
All employees assigned to this position will be subject to FBI fingerprint/criminal background and Patriot Act/Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.
For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.
The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification and personal interviews with the candidate, references, and prior employers.
All applicants must have resided in the United States for at least three (3) years.
The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers ( or through verified Federal Reserve Bank social media channels.
Required Experience:
IC
Full-Time