Info Security Analyst, Advanced
$134,000 - $160,400/Yr
Federal Reserve Bank - Minneapolis, MN
posted about 1 month ago
Part-time,Full-time - Senior
Onsite - Minneapolis, MN
Monetary Authorities-Central Bank
About the position
The Information Security Analyst, Advanced position at the Federal Reserve Bank of Minneapolis involves supporting cyber risk management activities and ensuring compliance with information security policies. The role requires collaboration with business and technology stakeholders to assess and mitigate risks, implement security controls, and maintain security documentation. The ideal candidate will have extensive experience with NIST frameworks and a strong commitment to delivering excellent customer service while fostering a diverse and inclusive work environment.
Responsibilities
- Ensure that applicable IT security policies are implemented for assigned information systems and boundaries.
- Provide guidance and expertise to effectively categorize information and information systems to ensure impact levels for security objectives are aligned appropriately.
- Support development and implementation of System Security Plans (SSPs) including selection of controls and development of related artifacts.
- Perform and/or facilitate assessment activities to validate security controls are implemented correctly and operating as intended.
- Complete annual Security Assessments and Authorizations and assessments for significant changes to the information system.
- Maintain and execute operational continuous monitoring plans as part of the System Security Plan (SSP).
- Execute risk assessments prior to system changes to determine impacts to established security controls.
- Create, review, and report Risk Acceptances and Plan of Action and Milestones (POA&Ms) to key stakeholders.
- Coordinate with the System Owner to update the SSP and manage changes to the system.
- Ensure all security documentation is properly maintained, approved, updated, and compliant with security program requirements.
- Support refinement of the Information Security team backlog, ensuring clear requirements alignment.
- Gather, analyze, and capture input from customers and stakeholders for project initiatives.
- Collaborate with business and technology teams to ensure security requirements are communicated and addressed throughout the project life cycle.
- Provide education to staff on applicable policies, procedures, and standards.
- Mentor junior team members on risk assessment processes and documentation.
- Identify, assess, track, and report on IT/Security risks across the enterprise.
- Conduct research and analysis on relevant security topics and prepare reports or presentations for stakeholders.
Requirements
- Bachelor's degree in computer science, information security or a related field and nine (9) years of broad technical experience within IT or cybersecurity.
- Progressive experience with utilizing and applying NIST Cybersecurity Framework and NIST security control, risk management and risk assessment frameworks (e.g. 800-53, 800-37, 800-30).
- Experience in designing, implementing, supporting, or auditing security controls for operational information systems.
- Experience in quantifying common threats, vulnerabilities, and exploits with understanding of mitigating controls and response techniques.
- Experience in reviewing current security policies and procedures, providing recommendations for approval, and mentoring GRC team members.
- Experience writing and communicating information security and risk-related concepts to technical and non-technical audiences.
- Experience working in an Enterprise Agile and DevSecOps environment.
Nice-to-haves
- Professional cybersecurity certifications such as CISSP, CRISC, CISA or similar credentials.
Benefits
- Comprehensive healthcare options (Medical, Dental, and Vision)
- 401(k) match and a fully funded pension plan
- Paid time off and holidays
- Free public transportation passes
- Annual educational assistance
- On-site fitness facility
- Professional development programs, training, and conferences
