Senior Information Security Policy & Risk Analyst

at Federal Reserve Bank of Chicago

Chicago, IL 60604, USA

Start Date: Immediate
Expiry Date: 23 Jan, 2025
Salary: Not Specified
Posted On: 24 Oct, 2024
Experience: 3 year(s) or above
Skills: Analytical Skills, Communication Skills, Holding Companies, Securities
Telecommute: No
Sponsor Visa: No

Description:

Company
Federal Reserve Bank of Chicago
The Info Security Policy & Risk Senior Analyst executes routine Information Security Policy & Risk Assessment processes accurately and on schedule to protect and secure the organization’s sensitive information and technology systems.
This position is considered advanced level and performs work of moderate to high complexity. The incumbent works under general supervision and may lead some efforts autonomously. This job does not have any direct reports but may lead the work of junior staff.

Your Responsibilities:

  • Evaluates internal control performance, identifies weaknesses, and provides recommendations to strengthen the security control environment.
  • Evaluates information security risk management lifecycle for complex boundaries, both on-premises as well as cloud based, including information gathering, drafting control responses, documenting non-compliance, capturing Authorization to Operate (ATO) and designing Plan of Action and Milestones (POAMs) remediation plans.
  • Designs Information Security risk evaluations and documentation procedures.
  • Creates and executes the Seventh District’s Information Security policies, standards, and procedures.
  • Develops exceptions and remediation plans where business areas are not in compliance.
  • Serves as primary point of contact to resolve complex questions and issues for stakeholders.
  • Evaluates evidence provided by departments to document remediation of internal control issues or that support the closure of action plans, determines if evidence is sufficient, and provides recommendations.
  • Plans projects to ensure effective implementation of both department initiatives as well as large system-wide efforts pushed out by National Information Technology (NIT) including security investigations, implementation of corrective actions and process improvement.
  • Serves as a key team member and central point of contact during internal audit processes.
  • Collects and organizes data for metrics and reports for senior leadership; performs special projects as needed including memos and status reports for management.
  • Provides consultative advice and communicates risk assessment findings to technical and non-technical stakeholders.
  • Evaluates opportunities to improve risk posture by enhancing technology-related internal solutions and controls for remediating, mitigating, or assessing residual risk.
  • Creates and presents Information Security topics (e.g., IS Awareness, Phishing School) throughout the year to new employees, business areas, and senior leaders.
  • Documents and resolves non-compliance with Information Security policy, controls, and standards.
  • Collaborates with bank leadership at all levels to present risks, propose mitigation strategies, and achieve buy-in on recommendations.

Your Experience:

  • Bachelor’s degree in a related field, or commensurate specialized training, certification, or work experience
  • Minimum three years of work experience
  • Advanced knowledge of common information security frameworks.
  • Advanced knowledge of information security concepts.
  • Advanced analytical skills.
  • Excellent written and verbal communication skills.
  • Advanced interpersonal and relationship building skills.
  • Advanced knowledge of and ability to use common office and presentation software.
  • Advanced problem solving and troubleshooting skills.
  • Ability to work both independently and in a team setting.
  • Demonstrated continuous learning agility and adaptability.
  • Ability to proactively research and stay current on emerging risks, compliance trends, and IT security regulations.

What we Offer

  • Comprehensive benefits package includes medical, dental, vision, prescription drug coverage, 401k savings plan, retirement plan, paid time off, transit benefit, onsite gym, and subsidized cafeteria.
  • A learning environment with opportunities to gain new skills and grow your career.

Additional Requirements:

  • This is a hybrid position requiring a minimum of two days per week in office.
  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.
  • This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and can take approximately two months to be completed. The screening covers areas such as education/employment verification, criminal history, credit history, and reaches out to your references and people that know you well.
  • As a condition of employment, Federal Reserve Bank of Chicago employees must comply with the Bank’s ethics rules, which generally prohibit employees, their spouses/domestic partners, and minor children from owning securities, such as stock, of banks or savings associations or their affiliates, such as bank holding companies and savings and loan holding companies. If you or your spouse/domestic partner or minor child own such securities and would not be willing or able to divest them if you accepted an offer of Bank employment, you should raise this issue with the recruiter for this posting, who can provide you contact information for our ethics official if necessary.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Yes
Job Category
Information Technology
Work Shift
First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.

REQUIREMENT SUMMARY

Min: 3.0, Max: 8.0 year(s)

Banking/Mortgage

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

Chicago, IL 60604, USA