Full Job Description
Sr. Manager, Cyber Risk Assessment-265485
Federal Reserve Bank of New York
Primary Location NY-New York City
Full-time / Part-time Full-time
Employee Status Regular
Overtime Status Exempt
Job Type Experienced
Travel Yes, 5 % of the Time
Shift Day Job
Working at the Federal Reserve Bank of New York positions you at the center of the financial world with a unique perspective on national and international markets and economies. You will work in an environment with a diverse group of experienced professionals to foster and support the safety, soundness, and vitality of our economic and financial systems. It is a challenge that demands the skills of a financial service professional and the intelligence of an academic—all combined with a passion for public service.
What we do:
Information Security executes initiatives and provides services that ensure the
protection of the organization's information assets to minimize the risks of disruption to critical economic and financial systems, and
Your role as Senior Manager of Cyber Risk Assessment:
Leads the development, and enhancements of the Bank's cyber security risk assessment and management program. You will reside in the Information Security Function and report to the Head of the Risk Assessment and Management Department. You will work with Risk Assessment and Management leadership team to promote a healthy culture of security practices throughout the Bank, and contributes to the goals within the different Information Security.
Experience leading security teams in a large organization to perform security assessments and cloud security activities inclusive of planning, budgeting and execution. You are required to be hands-on with direct involvement and lead to the desired outcomes.
Manage the development, implementation and enforcement of cloud security and cyber risk assessment inclusive of third-party activities.
Lead a team on the instrumentation and content development of "compliance as code" and target state DevSecOps methodologies for information security responsibilities to refine the execution of security practices for the cloud and on-perm solutions.
Lead a team to enhance and maintain the Bank's third-party cyber risk assessment using an established industry standard information security control frameworks.
Demonstrate experience in the area of risk and controls across multiple IT platforms including cloud, web applications, database, operating systems, infrastructure, and network security. Advise and educate IT teams on the latest vulnerabilities and mitigation tactics.
Demonstrate experience creating and report cyber security metrics to inform investments and prioritization.
What we are looking for:
6+ years of experience leading an information security teams.
Relevant industry accepted security certifications (CISSP, CISA, CRISC, SANS) a plus
Possession of or the ability to obtain U.S. Government Security Clearance, which includes U.S. Citizenship
Experience performing security risk assessments in area of cloud, and third-party.
Experience working with results generated from vulnerability analyses, penetration testing, threat modeling, and secure code reviews.
Can understand, and explain complex technology risks or control deficiencies to technical and non-technical business representatives, and translate into business risks. Can recommend security solutions and remediation.
Knowledge of information security landscape, security solutions, and current and upcoming security threats.
Our organization offers benefits that are the best fit for you at every stage of your career:
Fully paid Pension plan and 401k with Generous Match
Comprehensive Insurance Plans (Medical, Dental and Vision including Flexible Spending Accounts and HSA)
Subsidized Public Transportation Program
Tuition Assistance Program
Onsite Fitness & Wellness Center
Flexible Work Arrangements
The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change.