Job Information
Federal Reserve Bank Information Security Specialist - Division of Financial Management in Washington, District Of Columbia
Information Security Specialist - Division of Financial Management - R024372
Primary Location: DC-Washington
Employee Status: Regular
Overtime Status: Exempt
Job Type: Standard
Work Shift: 1st Shift
Relocation Provided: Yes
Compensation Grade Low: FR PAY GRADE 25
Compensation Grade High: FR PAY GRADE 27
Minimum Salary: $107,000.00
Maximum Salary: $231,000.00
Posting Date: Apr 22, 2024
Position Description
Minimum Education: Bachelor's degree or equivalent experience
Minimum Experience: 4
Summary
The Information Security Specialist performs technical automation and compliance analysis related to information technology (IT) security issues. This position participates in special studies and projects associated with information security-related legislation and the implementation of relevant regulations and Federal Reserve System (FRS)-wide information security practices and policies. This position assists in assessing Board systems compliance with the Federal Information Security Modernization Act (FISMA), and Federal Risk and Authorization Management Program (FedRAMP) activities to mitigate data risks including data loss, data protection and ensuring data privacy. Assists supported divisions with information security and privacy compliance matters. This position requires knowledge of security standards and practices, legislative requirements (FISMA, FedRAMP, Privacy Act, etc.), and internal controls relating to the Sarbanes-Oxley Act (SOX).
Duties and Responsibilities
Position Requirements
Must have excellent oral and written communication skills typically acquired through completion of a bachelor’s degree (Information Systems, Business Administration, Information Technology or a related major) or equivalent experience. Must have demonstrated knowledge of and competence in the application of security to advanced information systems and at least 4 years of specific experience in information security, information technology, IT auditing, IT compliance or related field. Knowledge of general IT security theory and practices is expected. Strong technical writing experience is required, as well as a demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Must have general knowledge of laws and regulations governing all aspects of IT security as it relates to the Federal government. Knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates is highly desirable. An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred. Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards. Must have demonstrated ability to work on multiple projects simultaneously while meeting critical deadlines.
FR-26 requires analytical ability and excellent oral and written communication skills typically acquired by completion of a bachelor’s degree in computer science or related discipline. Must have demonstrated knowledge of and competence in the application of security to advanced IT systems and at least 5 years of specific experience in information security, or compliance. Requires a thorough knowledge of general IT security theory and practices.
Experience preparing for the security assessment process or performing security assessments is preferred. Strong technical writing experience is required, as well as demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Advanced knowledge of information security compliance and related standards is preferred. Must possess knowledge of the laws and regulations governing all aspects of IT security as it relates to the government. Working knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates required. An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred. Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards. Must have demonstrated ability to work on multiple projects simultaneously while meeting critical deadlines.
FR-27 requires excellent analytical ability and oral and written communication skills typically acquired by completion of a bachelor’s degree in computer science or related discipline (preferred). Must have demonstrated knowledge of and competence in the application of security to advanced IT systems and at least 6 years of specific experience in information security, or compliance. One or more security certifications (CISSP, CCSP, CISA, GSE) are preferred for this position. Requires a comprehensive knowledge of general IT security theory and practices. Experience preparing for the security assessment process or performing security assessments is preferred. Strong technical writing experience is required, as well as demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Advanced knowledge of information security compliance and related standards.
Must possess extensive knowledge of the laws and regulations governing all aspects of IT security as it relates to the government. Extensive knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates required. An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred. Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards. Must have demonstrated ability to lead projects and work on multiple projects simultaneously while meeting critical deadlines.
Communications are with the information assurance team, individual clients in the supported divisions and technical working groups. The purpose and extent of each contact is different, and the incumbent must be able to skillfully motivate, evaluate, and positively influence individuals or groups to obtain objectives.
Assists with the organization of planning meetings for new and existing projects; coordinating new requirements mandated by statute or regulation and coordinating the development of holistic security systems across a diverse clientele.
Work directly affects the Board’s FISMA, FedRAMP, SOX, and Privacy-related activities as well as external parties including the FRS, Office of Employee Benefits (OEB), application service providers, and commercial vendors. Many of these activities are critical to the Board and the well-being of Board staff. Failure to properly complete the security assessment and authorization process could subject the Division to Office of Inspector General (OIG) audits or criticism by OMB or the external auditors.
The ideal candidate will have the following:
• Experience with cloud architecture and/or engineering preferred.
• Hands-on experience with AWS or Azure Billing and Cost Management preferred.
• Experience advising non-technical business partners on cloud architecture, systems-engineering, and software topics, as well as related information security topics.
• Experience serving as a functional business advocate to external stakeholders on cloud strategies and related new ways of working.
• Experience educating internal business partners on cloud technologies, approaches (PaaS, SaaS, IaaS, etc.), and operating models (Agile, DevSecOps, etc.) preferred.
• Experience with cloud security and FedRAMP preferred.
This position requires a hybrid onsite schedule. A skills assessment may be required as part of the recruiting process.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or application, membership, or service in the uniformed services.