Job Information
Federal Reserve Bank Information Security Analyst, Sr in Minneapolis, Minnesota
Company
Federal Reserve Bank of Minneapolis
The Federal Reserve Bank of Minneapolis invites applications for an experienced Information Security Analyst / Information System Security Officer (ISSO) to support the Bank in its role as a Fiscal Agent for the Department of Treasury and the Bureau of the Fiscal Service.
In this role as an ISSO, you will help to ensure that all relevant IT security requirements prescribed by the Federal Reserve or Fiscal Service are implemented and maintained throughout the lifecycle of the information system. You will work across multiple divisions within the Federal Reserve Bank of Minneapolis.
Best qualified candidates will have previous or current experience with NIST based information security control and risk management frameworks as well as a commitment to delivering high-quality, prompt, and efficient services to stakeholders. Strong candidates will bring the technical experience and ability to adapt and adjust to situations. In addition, they should have excellent critical thinking, risk management, collaboration and communication skills.
This is not a remote position. An essential function of this position is working onsite; this position qualifies for a hybrid working arrangement that will be determined by the department.
Responsibilities:
Ensure that applicable IT security policies are implemented for assigned information systems.
Ensure that the operational security posture of the information systems is maintained and kept consistent with current security policies and that all assessments of security controls are conducted, documented and reported.
Ensure that applicable requirements for Information Security Continuous Monitoring are followed including:
Completing annual Security Assessments and Authorizations as well as assessments whenever there are significant changes to the information system, the facilities where the system resides, or other conditions that may impact the security or ongoing authorization status of the system.
Ensuring that an Operational Continuous Monitoring Plan is maintained and executed as part of the System Security Plan (SSP).
Ensuring the accomplishment of risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.
Ensuring that all Exceptions and Plan of Action and Milestones (POA&Ms) are created, reviewed, and reported to the System Owner, Program/Project Manager and Authorizing Official (AO).
Serve as the principal advisor to the Authorizing Official, System Owner, and Chief Information Security Officer on all matters (technical and otherwise) involving security of the information system.
Coordinate with the information System Owner to update the SSP, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.
Ensure that IT Security management, operational and technical controls are incorporated throughout the system life cycle.
Ensure that all IT security documentation (e.g. System Security Plan, Information System Contingency Plan, and Configuration Management Plan) is properly maintained, approved, updated and compliant with security program requirements.
Report existing or potential security issues and incidents to the System Owner and escalate as needed to Chief Information Security Officer (CISO), or AO.
Evaluate known threats and vulnerabilities to ascertain if additional safeguards are needed and brief the AO accordingly.
Ensure documentation of mitigating actions or risk acceptances/exceptions in an Issue Resolution with signed approval of AO and ensure establishment of POA&Ms when plans for future action to address identified security weaknesses are decided.
Ensure documentation is developed and maintained detailing the information system hardware and software configuration and all security countermeasures that protect it.
Perform notification for any suspected security incidents in a timely manner and assist in the investigation of incidents if necessary.
Ensure that system audit trails are regularly examined with anomalies reported accordingly.
Ensure that system audit trails are archived in accordance with records management requirements.
Ensure that all requirements for the protection of sensitive and mission critical information, including Sensitive But Unclassified (SBU) information, Controlled Unclassified Information (CUI), and Personally Identifiable Information (PII), within the information are being met and followed.
Support refinement of the Information Security team backlog, as needed, ensuring clear requirements alignment in support of the team’s mission or objective.
Support project initiatives by gathering, analyzing, and capturing input from customers, partners or stakeholders and synthesizing into clear and actionable requirements (user stories) for prioritization and execution.
Conduct research and analysis on relevant security topics and prepare written or verbal reports or presentations for stakeholders and management.
Qualifications:
Bachelor's degree in information security, cybersecurity, or a closely related field and six (6) years of combined progressive information technology or information security experience OR
Associate degree in computer science, information security, cybersecurity, or a closely related field and eight (8) years of combined progressive information technology or information security experience
Must have experience with the NIST 800 series publications including: 800-30, 800-37, 800-53, 800-53a, 800-60.
Previous experience working in Federal IT Security and/or experience performing the duties of an Information System Security Officer (ISSO) is preferred.
The following experience is applicable at this level:
Experience and knowledge in identifying common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.
Experience and knowledge in designing, implementing, or supporting security controls or operational security support systems.
Experience leading or supporting development, documentation and maintenance of security policies, processes or procedures.
Experience working in an Enterprise Agile and DevSecOps environment is preferred.
Highly effective written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.
Highly effective prioritization capabilities with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.
Ability and experience prioritizing, attention to detail, managing customer expectations and time.
Commitment to delivering a great customer focused experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.
Desired and applicable at either level:
Certified Information Systems Security Professional (CISSP),
Certified in Risk and Information Systems Control (CRISC),
Certified Information Systems Auditor (CISA) or other similar credentials.
The United States Treasury Department (Treasury) has imposed citizenship requirements for certain positions that support the Reserve Banks' Treasury fiscal agency functions and/or spend time working on Treasury security sensitive matters. These positions have been risk rated by Treasury and incumbents must meet the corresponding citizenship requirements of the rating and provide acceptable documentation evidencing such. This Information Security position provides access to Treasury security sensitive matters, is risk rated HIGH, and as such requires the incumbent be a U.S. citizen.
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
Comprehensive healthcare options (Medical, Dental, and Vision)
401(k) match, and a fully funded pension plan
Paid time off and holidays.
Free public transportation passes.
Annual educational assistance
On-site fitness facility
Professional development programs, training, and conferences
And more…
The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists (https://www.minneapolisfed.org/about-us/careers/job-profiles), we work together to represent you in our economy.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Yes
Job Category
Information Technology
Work Shift
First (United States of America)
The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers ( https://rb.wd5.myworkdayjobs.com/FRS ) or through verified Federal Reserve Bank social media channels.
Privacy Notice (https://www.kansascityfed.org/documents/7797/Workday_Privacy_Notice.pdf)