Senior Cybersecurity Third Party Risk Analyst

Company

Federal Reserve Bank of Atlanta

As an employee of the Atlanta Fed, you will help support our mission of promoting the stability and efficiency of the U.S. economy and financial system. Your work will affect the economy of the Southeast, the United States, and the world. The work we do here is important, and how we do it is just as important as what we do. We live our values of integrity, excellence, and respect every day. We do the right thing, we do things right, and we treat people right. A career at the Federal Reserve Bank of Atlanta gives you the chance to do work that touches lives and helps communities prosper.

We are a dynamic hybrid workplace environment that requires at least 2 days a week in the office.

Position Summary:

Under limited supervision, responsible for developing and implementing systems and processes to protect the Bank’s information resources. Proactively researches and gathers information security intelligence and best practices to address emerging security needs. Acts as a subject matter expert and senior consultant to business clients and department management on matters of cybersecurity third- party risk. Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks. Contributes to objectives that support Department Strategic Goals. Generally, acts in either an assurance or operational capacity. This position reports to the Third Party Risk Management Manger.

Key Responsibilities:

• Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices.
• Perform in-depth cybersecurity risk assessments; assessing the security stance of third-party entities, detecting vulnerabilities and areas of noncompliance; and develop mitigation strategies that are aligned to industry standards.
• Leverage intelligence, industry best practices (NIST CSF) and the regulatory landscape (such as GDPR, SEC, and FFIEC) to ensure a rounded assessment of the security risk posed to the District.
• Support contractual reviews for new and existing suppliers advising and recommending security clauses for contractual agreements.  
• Create and present detailed high-quality risk reports, clearly articulating risk findings with recommendations, and maintains a comprehensive inventory of risk assessments and related documentation.
• Coordinate third party risk management activities, including communicating with vendors about cybersecurity zero day vulnerabilities.
• Key participant in strategic planning activities, cybersecurity projects, or District or System priorities, including workgroups and initiatives as requested.
• Collaborates, as appropriate with Enterprise Risk Management, Legal, Procurement, and other risk functions to maintain an Enterprise Third Party Risk Management Program
• Key participant in the development and enhancement of processes and procedures for the of the Cybersecurity Third Party Risk Management program, including, due diligence activities, continuous monitoring, and frameworks to enhance the efficiency and effectiveness of the overall program.
• Serves as a subject matter expert (SME) for providing oversight of platform implementation, and development and optimization to improve overall vendor risk posture.
• Understanding business needs and dedicated to delivering high-quality, prompt, and efficient service.
• Knowledge of relevant regulations, standards, and frameworks related to third party risk management such as NIST 800-53, NIST CSF, NIST RMF, SEC, GDPR, FedRamp, FAIR methodology, and other industry specific frameworks.

Education: Bachelor’s degree in computer science, Cyber Security, Information Technology, Information Systems, or other related field, OR in lieu of s Bachelor’s degree, an additional 2 years of relevant work experience is required.

Experience: 5 years of Information Security or IT audit experience preferred. Experience in vendor risk management, cyber risk, procurement, enterprise risk management.

Qualifications:

• Cybersecurity Risk Frameworks
• AWS & Azure Cloud Environments
• SSAE 16 Security Compliance
• FAIR Framework
• Key Risk Indicators
• Vendor Risk Management Tools
• Continuous Monitoring Tools
• Cybersecurity Risk Quantification Tools
• Automated Workflow Management
• Preferred Certifications: CTPRP, CRISC, CISM, CISA

Our total rewards program offers benefits that are the best fit for you at every stage of your career:

• Comprehensive healthcare options (Medical, Dental, and Vision)
• 401K match, and a fully funded pension plan
• Paid vacation and holidays; flexible work environment
• Generously subsidized public transportation
• Annual tuition reimbursement
• Professional development programs, training and conferences
• And more…

This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).

The Federal Reserve Bank of Atlanta is an equal opportunity employer.

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice