Info Security Analyst, Advanced
Minneapolis, MN
Full Time Entry-level / Junior USD 89K - 160K
Federal Reserve System
The Federal Reserve Board of Governors in Washington DC.Company
Federal Reserve Bank of MinneapolisThe Federal Reserve Bank of Minneapolis is looking for a dynamic and enthusiastic Information Security Analyst to join our Information Security Governance, Risk & Compliance team.As an Information Security Analyst, you will provide expertise to business and technology stakeholders in your role supporting cyber risk management activities throughout the Bank. Ideal candidates will have had previous experience with information security control and risk management frameworks such as NIST 800-53 and NIST 800-37. If you are a self-starter with a passion for identifying and assessing risks, and approaching mitigation from a holistic perspective, this position is for you.
This is not a remote position. The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person.
Onsite work is an essential function of this position, and you are expected to be in the office at least one day per week for meetings and team collaboration.
Application deadline: 12/12/2024
Ensure that applicable IT security policies are implemented for assigned information systems and boundaries.
Ensure that applicable security risk management activities prescribed by the Bank’s risk management framework (e.g. SAFR Lifecycle) are followed including:
Provide guidance and expertise to effectively categorize information and information systems to ensure impact levels for the security objectives of Confidentiality, Integrity, and Availability are aligned appropriately.
Support development and implementation of System Security Plans (SSPs) including selection of controls and development of related artifacts, control procedures or related specification documents.
Perform and/or facilitate assessment activities to validate security controls are implemented correctly, operating as intended, and producing the desired outcomes.
Ensure that applicable requirements for Information Security Continuous Monitoring are followed including:
Completing annual Security Assessments and Authorizations as well as assessments whenever there are significant changes to the information system.
Ensure that an operational continuous monitoring plans are maintained and executed as part of the System Security Plan (SSP).
Ensure the execution of risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.
Ensure that all Risk Acceptances and Plan of Action and Milestones (POA&Ms) are created, reviewed, and reported to key stakeholders such as the System Owner and Authorizing Official (AO).
Coordinate with the System Owner to update the SSP, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.
Ensure that all security documentation (e.g. System Security Plan, Contingency Plan, Configuration Management Plan, etc.) is properly maintained, approved, updated, and compliant with security program requirements.
Support refinement of the Information Security team backlog, as needed, ensuring clear requirements alignment in support the team’s mission or objective.
Support project initiatives by gathering, analyzing, and capturing input from customers, partners or stakeholders and synthesizing into clear and actionable requirements (user stories) for prioritization and execution.
Collaborate with business and technology teams on projects and key initiatives to ensure that security requirements are communicated and addressed throughout the project life cycle. Provide education to staff on applicable policies, procedures, and standards.
Collaborate with junior team members and assist with mentoring on risk assessment processes and documentation.
Identify, assess, track and report on IT/Security risks across the enterprise. Track risk decisions and remediation plans. Work closely with Enterprise Risk to communicate risks to both technical and non-technical audiences.
Conduct research and analysis on relevant security topics and prepare written or verbal reports or presentations stakeholders and management.
Qualifications for Information Security Analyst, Advanced:
Bachelor’s degree in computer science, information security or a related field and nine (9) years of broad technical experience within IT or cybersecurity.
Qualifications for Information Security Analyst, Senior:
Bachelor’s degree in computer science, information security or a related field and six (6) years of broad technical experience within IT or cybersecurity.
Applicable at both levels:
Progressive experience with utilizing and applying NIST Cybersecurity Framework in addition to NIST security control, risk management and risk assessment frameworks and practices (e.g. 800-53, 800-37, 800-30) is preferred.
Experience in designing, implementing, supporting, or auditing security controls for operational information systems.
Experience in quantifying common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.
Experience in reviewing current security policies and procedures, providing recommendations for approval, in addition, mentor GRC team members for implement updated procedures.
Experience writing and communicating information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.
Experience working in an Enterprise Agile and DevSecOps environment is preferred.
Highly effective prioritization capabilities with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.
Highly effective organization, time management, and attention to detail
Highest commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.
Professional cybersecurity certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.
Additional Information:
Full Salary Range for Information Security Analyst, Advanced:
$106,900 - $133,684 - $160,400 Annual
Full Salary Range for Information Security Analyst, Senior:
$89,300 - $111,639- $134,000 Annual
Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
Comprehensive healthcare options (Medical, Dental, and Vision)
401(k) match, and a fully funded pension plan
Paid time off and holidays
Free public transportation passes
Annual educational assistance
On-site fitness facility
Professional development programs, training, and conferences
And more…
The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.
Full Time / Part Time
Full timeRegular / Temporary
RegularJob Exempt (Yes / No)
YesJob Category
Information TechnologyWork Shift
First (United States of America)The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.
Tags: Agile Audits CISA CISSP Compliance Computer Science CRISC DevSecOps Exploits Governance Monitoring NIST NIST 800-53 POA&M Privacy Risk assessment Risk management RMF Security assessment System Security Plan Vulnerabilities
Perks/benefits: 401(k) matching Career development Conferences Equity / stock options Health care
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.