Information Security Manager & ISSO
Minneapolis, MN
Full Time Mid-level / Intermediate USD 135K - 202K
Company
Federal Reserve Bank of Minneapolis
The Federal Reserve Bank of Minneapolis is looking for an experienced Information Security Manager to support the Bank in its role as a Fiscal Agent for the Department of Treasury and the Bureau of the Fiscal Service.
In this role, you will lead a small team of security professionals and will serve as the Information System Security Officer (ISSO) for a cloud-based financial system. As ISSO, you will ensure that all relevant IT security requirements prescribed by the Federal Reserve and Fiscal Service are implemented and maintained throughout the lifecycle of the information system. Ideal candidates will have previous experience with NIST-based information security control and risk management frameworks as well as a commitment to delivering high-quality, prompt, and efficient services to stakeholders.
Must be a U.S. citizen or lawful permanent resident alien with at least three (3) years of legal residency. This position does not offer employment-based visa sponsorship.
The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person. Onsite work is an essential function of this position, and you are expected to be in the office two (2) days per week for meetings and team collaboration.
Responsibilities:
Execute the full cycle of employment matters, including but not limited to those involving hiring, retention and performance optimization, salary recommendations, and decisions related to the termination of employment, as well as the documentation of these matters.
Develop and evaluate the performance of staff, which includes managing staff to identify developmental assignments and training opportunities, working with individuals on their career goals, delegating responsibilities, providing feedback, and evaluating performance on any of the preceding duties.
Establish objectives and key results for the team and adjust direction as needed to respond to organizational strategies and priorities.
Serve as the principal advisor to the System Owner, Authorizing Official, and Chief Information Security Officer (CISO) on all matters (technical and otherwise) involving security of assigned system(s) and/or service(s).
Ensure necessary governance documentation (e.g., business case, technical addendum, Security Impact Analysis – SIA, Classification and Determinations Memo – CDM, etc.), reviews, approvals, and agreements for system(s) and/or service(s) are in place and kept up to date.
Ensure that management, operational, and technical security controls (inherited and system specific) are managed throughout the system development life cycle.
Maintain an Ongoing Authorization to Operate (ATO) for assigned system(s) or an Ongoing Authority to Use (ATU) for assigned service(s) consistent with applicable policy, standards, procedures, and guidelines.
Execute ongoing or operational information security continuous monitoring activities per defined frequency and processes to identify, report, mitigate, and manage risks to maintain the overall security posture and support ongoing authorization decisions.
Ensure that all data, privacy, records management, and other applicable requirements for the protection of sensitive and mission critical information within the assigned system(s) and/or service(s) are being met and followed.
Ensure security incidents are promptly reported. Perform notification for any suspected security incidents in a timely manner and assist in the investigation of incidents if requested.
Ensure responses to cyber security related data calls and audit requests are completed by the specified due dates.
Maintain a high level of technical, operational, and cybersecurity knowledge including completing specialized training on an annual basis.
Represent the Bank at all levels across the System including participating and/or leading security-focused workgroups at the System Level. Influence decisions and strategic initiatives through this participation and translate relevant activities into concrete action plans for the Bank.
Qualifications:
Bachelor’s degree in information systems, computer science, or a related field with a minimum of eight (8) years of broad technical experience, with at least five (5) years in an information security role and at least two (2) years of direct supervision and people leadership responsibilities OR Master’s degree in information systems, computer science, or a related field with a minimum of (6) eight years of broad technical experience, with at least five (5) years in an information security role and at least two (2) years of direct supervision and people leadership responsibilities.
Must have knowledge of, and experience with, the NIST 800 series publications including: 800-30, 800-37, 800-53, 800-53a, 800-60.
Previous experience working in Federal IT Security and/or experience performing the duties of an Information System Security Officer (ISSO) is preferred.
Working knowledge and experience designing, implementing, or supporting security controls or operational security support systems.
Knowledge of common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.
Experience leading or supporting development, documentation and maintenance of security policies, processes, or procedures.
Working knowledge of the methodologies to conduct threat-modeling exercises on cloud-based applications and services.
Working knowledge and experience with cloud architectures and shared responsibility security models, with the ability to address the unique security considerations of cloud-based applications.
Working knowledge of modern development and deployment workflows with experience securing CI/CD pipelines.
Excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.
Ability to motivate, develop and lead a diverse team through collaboration and consensus to reinforce a culture of service, accountability, and innovation.
Ability to handle sensitive and confidential matters.
Highly effective organization, time management, and prioritization skills with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.
Commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.
Additional Information:
Salary Range: $135,000 - $168,749 - $202,500 Annually.
Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
Comprehensive healthcare options (Medical, Dental, and Vision)
401(k) match, and a fully funded pension plan
Paid time off and holidays
Free public transportation passes
Annual educational assistance
On-site fitness facility
Professional development programs, training, and conferences
And more…
Other Conditions Required:
For positions in Information Technology that support Treasury Services: The United States Treasury Department (Treasury) has imposed citizenship requirements for certain positions that support the Reserve Banks' Treasury fiscal agency functions and/or spend time working on Treasury security sensitive matters. These positions have been risk rated by Treasury and incumbents must meet the corresponding citizenship requirements of the rating and provide acceptable documentation evidencing such. This Information Technology position provides access to Treasury security sensitive matters, is risk rated HIGH, and as such requires the incumbent be a U.S. citizen.
The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.
Full Time / Part Time: Full time
Regular / Temporary: Regular
Job Exempt (Yes / No): Yes
Job Category: Information Technology
Work Shift: First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.