Federal Reserve Bank - Boston, MA

posted about 1 month ago

Part-time, Full-time - Mid Level
Boston, MA
Monetary Authorities-Central Bank

About the position

The Third-Party Risk Management Analyst position at the Federal Reserve Bank of Boston is a critical role within the National IT organization. This analyst will assess the information security practices of third parties, ensuring that risks associated with these relationships are identified, evaluated, and mitigated. The role involves leveraging data to analyze security programs, translating findings into actionable insights for various stakeholders, and participating in cross-functional teams to enhance vendor risk management practices.

Responsibilities

  • Conduct comprehensive third-party cyber security assessments utilizing a NIST-based framework.
  • Evaluate the security posture of third parties to identify vulnerabilities, gaps, and areas of non-compliance.
  • Generate detailed reports that provide in-depth analysis of assessment findings, including identified risks and recommended remediation actions.
  • Engage with customers and stakeholders to communicate assessment results and collaborate on remediation actions.
  • Review and interpret results of vendor audit reports and identify deficiencies for remediation.
  • Provide coordination and reporting for third-party risk activities including vendor outreach related to cybersecurity breaches.
  • Lead process improvement discussions and present outcomes to senior management.
  • Participate in project development surrounding new processes and their integration.

Requirements

  • Bachelor's degree in computer science, information systems, or related fields, or equivalent work experience.
  • 3 years of experience performing cyber security assessments, specifically third-party assessments using a NIST-based framework.
  • Experience with compliance and security audits, and risk mitigation plans.
  • Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc.).
  • In-depth understanding of cyber security principles, concepts, and best practices.

Nice-to-haves

  • Industry recognized certifications within information security (e.g., CISSP, GIAC, CISM, CISA, CTPRP, CCSP).
  • Familiarity with third-party risk and governance concepts.
  • Advanced use of cyber security assessment tools and external vendor information sources.

Benefits

  • Health insurance
  • Dental insurance
  • 401k retirement plan
  • Paid holidays
  • Professional development opportunities
© 2024 Teal Labs, Inc