Info Security Analyst, Advanced
Minneapolis, MN
Full Time Entry-level / Junior USD 106K - 160K
Company
Federal Reserve Bank of Minneapolis
The Federal Reserve Bank of Minneapolis is looking for a dynamic and enthusiastic Information Security Analyst to join our Information Security Governance, Risk & Compliance team.
As an Information Security Analyst, you will provide expertise to business and technology stakeholders in your role supporting cyber risk management activities throughout the Bank. Ideal candidates will have had previous experience with information security control and risk management frameworks such as NIST 800-53 and NIST 800-37. If you are a self-starter with a passion for identifying and assessing risks, and approaching mitigation from a holistic perspective, this position is for you.
This is not a remote position. The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person.
Onsite work is an essential function of this position, and you are expected to be in the office at least one day per week for meetings and team collaboration.
Responsibilities:
Ensure that applicable IT security policies are implemented for assigned information systems and boundaries.
Ensure that applicable security risk management activities prescribed by the Bank’s risk management framework (e.g. SAFR Lifecycle) are followed including:
Providing guidance and expertise to effectively categorize information and information systems to ensure impact levels for the security objectives of Confidentiality, Integrity, and Availability are aligned appropriately.
Supporting development and implementation of System Security Plans (SSPs) including selection of controls and development of related artifacts, control procedures or related specification documents.
Performing and/or facilitating assessment activities to validate security controls are implemented correctly, operating as intended, and producing the desired outcomes.
Ensure that applicable requirements for Information Security Continuous Monitoring are followed including:
Completing annual Security Assessments and Authorizations as well as assessments whenever there are significant changes to the information system.
Ensuring that operational continuous monitoring plans are maintained and executed as part of the System Security Plan (SSP).
Ensuring the execution of risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.
Ensuring that all Risk Acceptances and Plan of Action and Milestones (POA&Ms) are created, reviewed, and reported to key stakeholders such as the System Owner and Authorizing Official (AO).
Coordinate with the System Owner to update the SSP, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.
Ensure that all security documentation (e.g. System Security Plan, Contingency Plan, Configuration Management Plan, etc.) is properly maintained, approved, updated, and compliant with security program requirements.
Support refinement of the Information Security team backlog, as needed, ensuring clear requirements alignment in support of the team’s mission or objective.
Support project initiatives by gathering, analyzing, and capturing input from customers, partners or stakeholders and synthesizing into clear and actionable requirements (user stories) for prioritization and execution.
Collaborate with business and technology teams on projects and key initiatives to ensure that security requirements are communicated and addressed throughout the project life cycle. Provide education to staff on applicable policies, procedures, and standards.
Collaborate with junior team members and assist with mentoring on risk assessment processes and documentation.
Identify, assess, track and report on IT/Security risks across the enterprise. Track risk decisions and remediation plans. Work closely with Enterprise Risk to communicate risks to both technical and non-technical audiences.
Conduct research and analysis on relevant security topics and prepare written or verbal reports or presentations for stakeholders and management.
Qualifications:
Bachelor’s degree in computer science, information systems, computer engineering, cybersecurity, or a related field.
A minimum of nine (9) years of broad technical experience within IT or cybersecurity for Information Security Analyst – Advanced OR a minimum of nine (5) years of broad technical experience within IT or cybersecurity for Information Security Analyst – Senior
Deep knowledge of NIST Cybersecurity Framework in addition to NIST security control, risk management and risk assessment frameworks and practices (e.g. 800-53, 800-37, 800-30) is preferred.
Strong knowledge and experience designing, implementing, supporting, or auditing security controls for operational information systems.
Strong knowledge of common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.
Strong knowledge and experience working in an Enterprise Agile and DevSecOps environment is preferred.
Experience leading or supporting development, documentation and maintenance of security policies, processes or procedures
Highly effective written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.
Highly effective prioritization capabilities with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.
Highly effective organization, time management, and attention to detail
Highest commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.
Professional cybersecurity certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.
Additional Information:
Full Salary Range: $106,900 - $133,684 - $160,400 Annual
Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
Comprehensive healthcare options (Medical, Dental, and Vision)
401(k) match, and a fully funded pension plan
Paid time off and holidays
Free public transportation passes
Annual educational assistance
On-site fitness facility
Professional development programs, training, and conferences
And more…
The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.
Full Time / Part Time: Full time
Regular / Temporary: Regular
Job Exempt (Yes / No): Yes
Job Category: Information Technology
Work Shift: First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Tags: Agile Audits CISA CISSP Compliance Computer Science CRISC DevSecOps Exploits Governance Monitoring NIST NIST 800-53 POA&M Privacy Risk assessment Risk management RMF Security assessment System Security Plan Vulnerabilities
Perks/benefits: 401(k) matching Career development Conferences Equity / stock options Health care