IT Risk / Cybersecurity Specialist - Supervision Group

Federal Reserve Bank of New York - New York, NY

IT Risk / Cybersecurity Specialist - Supervision Group-257184
Federal Reserve Bank of New York
Primary Location: NY-New York City
Full-time / Part-time: Full-time
Employee Status: Regular
Overtime Status: Exempt
Job Type: Experienced
Travel: Yes, 50% of the Time
Shift: Day Job

The Regional, Community and Foreign Institutions (RCFI) Function is responsible for supervising and regulating state member banks, bank holding companies and foreign banking organizations in the United States. The RCFI Risk Specialist team is responsible for assessing the risks inherent in the activities of the financial institutions in the portfolio and conducting reviews of the relevant risk management practices. This includes effectively identifying existing and emerging risk trends, testing compliance with regulatory policies, procedures and expectations for the various risk disciplines, and developing cross-institutional perspectives that facilitate the sharing of sound practices with financial institutions and other Reserve Bank staff.

As an Information Technology Specialist, the candidate will assist in the development of supervisory and examination strategies, and oversee or assist in the execution of those strategies for institutions in the RCFI portfolio. This includes:

Identifying information technology strategies, risk and exposure levels at financial institutions to assess risk management practices and the adequacy of risk management systems. Developing and recommending supervisory actions that are commensurate with risk levels and are based on sound and supportable conclusions
Assessing the financial institution’s compliance with information security, IT governance, and business continuity and resiliency regulatory expectations and standard industry practices.
Assessing and rating IT-related risks of the financial institution and its service providers based on the risk evaluation of the four critical components of the Uniform Rating System for Information Technology (URSIT): Audit, Management, Development and Acquisition, and Support and Delivery
Determining the financial institution’s cybersecurity preparedness based on the assessment of inherent risks and cybersecurity maturity levels
Developing and maintaining relationships with management and staff of supervised institutions, other areas of RCFI, Supervision and the Bank, other Reserve Banks and Board staff and other supervisory authorities, as well as collaborating with Financial Analysts, Supervisory Managers and others to identify emerging risks and trends and develop monitoring tools
Analyzing current IT industry practices, conditions, and trends and identifying inherent/emerging risks. This includes maintaining knowledge of emerging technologies, threats/vulnerabilities and risk management practices/techniques, as well as cultivating and sharing knowledge with colleagues about current information technology risk management techniques and practices used in supervision and the financial services industry
Participating in or leading examinations or inspections which will require coordination and consultation with Federal Reserve management and staff, other supervisory authorities and the supervised institution at various executive levels

Preparing and delivering:
Product memos, report comments, risk assessments and other materials that support examination findings and supervisory decisions
Clear and well-developed presentations, including examination and supervisory issues, to Federal Reserve management and staff, other supervisory authorities and the supervised institution at various staff and executive levels

Intermediate to advanced skills in at least two disciplines: information technology and/or information security, and internal audit or operational risk; a minimum of five years' experience preferred.
Strong communication skills, including ability to identify, prioritize, frame, and clearly articulate material issues that reflect supervisory positions/concerns. Ability to make presentations and lead meetings that are clear, informative, well-organized, analytically sound, and effective; demonstrate confidence in delivery and ability to stay focused on key messages; manage questions and discussions effectively.
Strong ability to establish and maintain credibility with all levels of management
Familiarity with the risk-focused supervision process and the examination process for domestic banks and bank holding companies or foreign financial institutions. Experience across domestic and foreign institutions will be given special consideration.
Ability to assimilate new information quickly, handle new problem situations, and manage a variety of responsibilities simultaneously
Ability to apply information technology and information security knowledge of the financial industry, sound practices, banking principles, regulations and examination procedures to the supervision of a cross section of institutions; mine existing information for cross-institutional IT/IS themes and IT/IS issues to provide insight regarding institutions, industry practices and emerging IT/IS risks that is forward-looking and consistent with strategic concerns
Strong ability to plan and conduct all phases of information technology examination independently or as a team member to include general and application controls, systems or applications development, information security, business continuity and disaster recovery, and procedures for technology areas including network, communications, operating system, database and web-based technology.
Good knowledge of applicable IT professional standards and regulatory requirements
Proven ability to train and serve as subject matter expert to non-IT examiners.
Proven ability to build solid strategic working relationships
Sound organizational skills and self-management evidenced by an ability to take initiative and ownership of assignments, produce results under tight time constraints, and operate effectively given rapidly evolving priorities
Successfully complete the Examiner Commissioning Curriculum if not already completed
At a minimum, Bachelor's degree in Business or IT related field, Masters preferred
Preferred certifications include Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), ITIL Service Manager Certification
Generally a minimum of eight to ten years of relevant experience.

This position requires access to confidential supervisory information, which is limited to "Protected Individuals" as defined in U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so.

The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.