Senior Cybersecurity Third Party Risk Analyst
Atlanta, GA
Company
Federal Reserve Bank of Atlanta
As an employee of the Atlanta Fed, you will help support our mission of promoting the stability and efficiency of the U.S. economy and financial system. Your work will affect the economy of the Southeast, the United States, and the world. The work we do here is important, and how we do it is just as important as what we do. We live our values of integrity, excellence, and respect every day. We do the right thing, we do things right, and we treat people right. A career at the Federal Reserve Bank of Atlanta gives you the chance to do work that touches lives and helps communities prosper.
We are a dynamic hybrid workplace environment that requires at least 2 days a week in the office.
Position Summary:
Under limited supervision, responsible for developing and implementing systems and processes to protect the Bank’s information resources. Proactively researches and gathers information security intelligence and best practices to address emerging security needs. Acts as a subject matter expert and senior consultant to business clients and department management on matters of cybersecurity third-party risk. Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks. Contributes to objectives that support Department Strategic Goals. Generally, acts in either an assurance or operational capacity. This position reports to the Third Party Risk Management Manager.
Key Responsibilities:
- Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices.
- Perform in-depth cybersecurity risk assessments: assess the security stance of third-party entities, detect vulnerabilities and areas of noncompliance, and develop mitigation strategies that are aligned to industry standards.
- Leverage intelligence, industry best practices (NIST CSF) and the regulatory landscape (such as GDPR, SEC, and FFIEC) to ensure a rounded assessment of the security risk posed to the District.
- Support contractual reviews for new and existing suppliers, advising on and recommending security clauses for contractual agreements.
- Create and present detailed, high-quality risk reports, clearly articulating risk findings with recommendations, and maintain a comprehensive inventory of risk assessments and related documentation.
- Coordinate third party risk management activities, including communicating with vendors about cybersecurity zero-day vulnerabilities.
- Key participant in strategic planning activities, cybersecurity projects, or District or System priorities, including workgroups and initiatives as requested.
- Collaborates, as appropriate, with Enterprise Risk Management, Legal, Procurement, and other risk functions to maintain an Enterprise Third Party Risk Management Program.
- Key participant in the development and enhancement of processes and procedures for the Cybersecurity Third Party Risk Management program, including due diligence activities, continuous monitoring, and frameworks to enhance the efficiency and effectiveness of the overall program.
- Serves as a subject matter expert (SME) providing oversight of platform implementation, development, and optimization to improve overall vendor risk posture.
- Understands business needs and is dedicated to delivering high-quality, prompt, and efficient service.
- Knowledge of relevant regulations, standards, and frameworks related to third party risk management such as NIST 800-53, NIST CSF, NIST RMF, SEC, GDPR, FedRAMP, FAIR methodology, and other industry-specific frameworks.
Education: Bachelor’s degree in Computer Science, Cyber Security, Information Technology, Information Systems, or other related field, OR in lieu of a Bachelor’s degree, an additional 2 years of relevant work experience is required.
Experience: 5 years of Information Security or IT audit experience preferred. Experience in vendor risk management, cyber risk, procurement, enterprise risk management.
Qualifications:
- Cybersecurity Risk Frameworks
- AWS & Azure Cloud Environments
- SSAE 16 Security Compliance
- FAIR Framework
- Key Risk Indicators
- Vendor Risk Management Tools
- Continuous Monitoring Tools
- Cybersecurity Risk Quantification Tools
- Automated Workflow Management
- Preferred Certifications: CTPRP, CRISC, CISM, CISA
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
- Comprehensive healthcare options (Medical, Dental, and Vision)
- 401K match, and a fully funded pension plan
- Paid vacation and holidays; flexible work environment
- Generously subsidized public transportation
- Annual tuition reimbursement
- Professional development programs, training and conferences
- And more…
This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).
The Federal Reserve Bank of Atlanta is an equal opportunity employer.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Yes
Job Category
Work Shift
First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.