Federal Reserve Bank (FRB)
Information Security Manager & ISSO (Information Technology)
In this role, you will lead a small team of security professionals and will serve as the Information System Security Officer (ISSO) for a cloud-based financial system. As the ISSO, you will serve as the principal advisor on all matters (technical and otherwise) involving the security of the information system.
You must bring current or recent experience with NIST's Risk Management Framework (RMF), knowledge of NIST-based control frameworks, knowledge of modern software engineering practices, and excellent written and verbal communication skills with the ability to communicate complex concepts to all levels of the organization.
To be considered for this position you must be a U.S. Citizen.
The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person. Onsite work is an essential function of this position, and you are expected to be in the office two (2) days per week for meetings and team collaboration.
Responsibilities:
Execute the full cycle of employment matters, including but not limited to those involving hiring, retention and performance optimization, salary recommendations, and decisions related to the termination of employment, as well as the documentation of these matters.
Develop and evaluate the performance of staff, which includes managing staff to identify developmental assignments and training opportunities, working with individuals on their career goals, delegating responsibilities, providing feedback, and evaluating performance on any of the preceding duties.
Establish objectives and key results for the team and adjust direction as needed to respond to organizational strategies and priorities.
Serve as the principal advisor to the System Owner, Authorizing Official, and Chief Information Security Officer (CISO) on all matters (technical and otherwise) involving security of assigned system(s) and/or service(s).
Ensure necessary governance documentation (e.g., business case, technical addendum, Security Impact Analysis – SIA, Classification and Determinations Memo – CDM, etc.), reviews, approvals, and agreements for system(s) and/or service(s) are in place and kept up to date.
Ensure that management, operational, and technical security controls (inherited and system specific) are managed throughout the system development life cycle.
Maintain an Ongoing Authorization to Operate (ATO) for assigned system(s) or an Ongoing Authority to Use (ATU) for assigned service(s) consistent with applicable policy, standards, procedures, and guidelines.
Execute ongoing or operational information security continuous monitoring activities per defined frequency and processes to identify, report, mitigate, and manage risks to maintain the overall security posture and support ongoing authorization decisions.
Ensure that all data, privacy, records management, and other applicable requirements for the protection of sensitive and mission critical information within the assigned system(s) and/or service(s) are being met and followed.
Ensure security incidents are promptly reported.
Perform notification for any suspected security incidents in a timely manner and assist in the investigation of incidents if requested.
Ensure responses to cyber security related data calls and audit requests are completed by the specified due dates.
Maintain a high level of technical, operational, and cybersecurity knowledge including completing specialized training on an annual basis.
Represent the Bank at all levels across the System, including participating in and/or leading security-focused workgroups at the System Level. Influence decisions and strategic initiatives through this participation and translate relevant activities into concrete action plans for the Bank.
Bachelor's degree in a related field AND a minimum of (8) eight years of broad technical experience, with at least (5) five years in an information security role AND at least (2) two years of direct supervision and people leadership responsibilities OR
Master's degree in a related field AND a minimum of (6) eight years of broad technical experience, with at least (5) five years in an information security role AND at least (2) two years of direct supervision and people leadership responsibilities.
Must have knowledge and experience with the NIST Risk Management Framework (RMF) (800-37) and NIST security and privacy controls (800-53).
Previous experience working in Federal IT Security and/or experience performing the duties of an Information System Security Officer (ISSO) is preferred.
Knowledge and experience designing, implementing, or supporting security controls or operational security support systems.
Knowledge of common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.
Knowledge of the methodologies to conduct threat-modeling exercises on cloud-based applications and services.
Knowledge and experience with cloud architectures and shared responsibility security models, with the ability to address the unique security considerations of cloud-based applications.
Knowledge of engineering practices and patterns for the full software/hardware/networks development life cycle, including coding standards, code reviews, source control management, deployment workflows, testing, and operations.
Must have excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.
Ability to motivate, develop and lead a diverse team through collaboration and consensus to reinforce a culture of service, accountability, and innovation.
Ability to handle sensitive and confidential matters.
Highly effective organization, time management, and prioritization skills with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.
Commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.
Additional Information:
Salary Range: $135,000 - $168,749 - $202,500 Annually.
Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
Comprehensive healthcare options (Medical, Dental, and Vision)
401(k) match, and a fully funded pension plan
Paid time off and holidays
Free public transportation passes
Annual educational assistance
On-site fitness facility
Professional development programs, training, and conferences
And more…
Other Conditions Required:
For positions in Information Technology that support Treasury Services: The United States Treasury Department (Treasury) has imposed citizenship requirements for certain positions that support the Reserve Banks' Treasury fiscal agency functions and/or spend time working on Treasury security sensitive matters. These positions have been risk rated by Treasury and incumbents must meet the corresponding citizenship requirements of the rating and provide acceptable documentation evidencing such. This Information Technology position provides access to Treasury security sensitive matters, is risk rated HIGH, and as such requires the incumbent be a U.S. citizen.
The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.