Cyber Security Risk Analyst

Company Federal Reserve Bank of New York When you work at the New York Fed, you have the opportunity to make an impact in our communities and across the nation. Our mission-driven, curious, and dedicated colleagues apply their diverse perspectives and unique talents to support the strength of the U.S. economy and stability of the global financial system. At the Bank, we work full-time onsite with our teams. We believe being physically together allows us to draw on our collective strengths, while recognizing that the ability to work flexibly from time to time remains important to achieving our mission. Our Unique Work: Information Security New York (ISNY) is responsible for developing, executing, and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank. Within Information Security, the Cyber Security Assurance Department (CSA) is responsible for assessing risks associated with 3rd party vendors systems, software, IoT devices, ICS, technology processes, or outsourcing arrangements handling, processing, or storing Federal Reserve data. The team works directly with the business, providing guidance and managing risks. The department is also responsible for the integration of security practices into DevSecOps methodology, performing application security testing and working directly on security tooling integration as part of the CI/CD pipeline. The engagement and guidance to the product development teams are implemented through CSA analysts being embedded in the development squads to provide security advice during development and by managing the Security Champion Program in the Bank ensuring each product team has developers trained in security matters. How You’ll Make an Impact as a Cyber Security Assurance Analyst You will work in a dynamic team environment and play an important role in helping the Federal Reserve carry out its responsibilities. The Cyber Security Risk Analyst will be responsible for risk assessments, Cloud mitigations, security application testing, thread modeling security design review and overall information systems risk management. The role is an individual contributor who will work closely with technology squads to flawlessly deliver technological projects to the business customers. The candidate will be required to perform risk assessments which include application security testing focusing on Cloud migration workloads with specific focus on the mission critical systems supporting Markets operations. The position resides in the Information Security Function and reports to Cyber Security Assurance Manager. Role’s objectives are: Perform Cloud application security risk assessments. Execute assessments timely and accurately. Manage relationship with the business unit assigned. Embed within the development squad to provide timely security advice. Preform application security testing ensuring only compliant workloads move to the Cloud. Support development squads in implementing security tooling in the CI/CD pipeline. The Unique Skill Sets We’re Looking For: Experience in executing assessments in the Cloud and against third party SaaS solutions. Expert knowledge of performing risk management based on NIST 800-53. Experience in determining vulnerability risk impact on key objectives and critical processes; ability to link risk management programs and initiatives to inform critical business strategies and processes. Experience in thriving in the DevSecOps culture and working closely with developers on delivering business value in agile quick release environment. Demonstrated leadership experience, managing projects, strong decision making and execution abilities. Strong experience managing and timely resolving security findings in the Agile management practice. Expert level application security testing skills supporting CI/CD pipeline. Experience evaluating 3rd party vendors supporting Banks processes with focus on date protection. Proven ability evaluating and securing Gen AI systems with internal and embedded models. Possession of or the ability to obtain and maintain National Security Clearance, which includes U.S. Citizenship when required Other Things to Know: Salary Range: $170,000k-$230,000k We believe in transparency at the New York Fed. This salary range reflects a variety of skills and experiences candidates may bring to the job. We pay individuals along this range based on their unique backgrounds. Whether you’re stretching into the job or are a more seasoned candidate, we aim to pay competitively for your contributions.  This position requires possession of or the ability to obtain and maintain national security clearance, which requires U.S. citizenship. Candidates must undergo an enhanced background check and will be tested for all controlled substances prohibited by federal law, to include marij