Apply on Employer Site

Federal Reserve Bank of Kansas City · 9 hours ago

Information Security Specialist

Kansas City, MO

Full-time

Hybrid

Mid, Senior Level

$99K/yr - $139K/yr

6+ years exp

The Federal Reserve Bank of Kansas City is the nation's central bank, focused on strengthening and protecting economic systems. The Information Security Specialist will modernize cybersecurity risk management methods, assess risks, and enhance the organization's security posture through collaboration with stakeholders and data analysis.

BankingFinanceFinancial Services

No H1B

U.S. Citizen Only

Responsibilities

Modernize the current approach to cybersecurity risk management and assessments

Research and evaluate methodologies and frameworks and subsequently apply them for use in the organization

Identify and implement risk quantification and scoring approaches within the organization

Perform in-depth data analysis to identify patterns, trends, and areas of focus and priority

Incorporate threat intelligence into risk assessments to provide context-aware risk evaluations

Conduct business impact analyses to understand how security incidents affect critical business functions

Evaluate and quantify risks associated with third-party vendors and supply chain

Assess specific risks related to cloud environments and services

Develop reports and dashboards to illustrate the organization's risk posture

Ensure that cybersecurity risk is integrated with IT risk, and informs overall Enterprise risk

Research and identify options to establish a risk register

Develop and track risk treatment plans including mitigation strategies, acceptance justifications, or transfer options

Map cybersecurity risks to relevant regulatory requirements and compliance frameworks

Continuously improve risk management processes based on industry trends and organizational needs

Meet with technical experts and business leaders to convey cybersecurity risk in a way they can understand

Partner with incident response teams to incorporate lessons learned into risk models

Translate complex technical risk scenarios into actionable insights for all levels of the organization

Qualification

Cybersecurity risk managementRisk scoring methodsNIST SP 800-53Data analysisGRC toolsCloud security frameworksCommunication skillsSelf-motivationTeam collaboration

Required

Typically requires at least 6 years of relevant cybersecurity risk management experience

Experience with risk scoring methods and risk quantification

Experience with generating reports and dashboards to convey cybersecurity risk in a way that is easy to consume

Experience establishing or running an Enterprise cybersecurity risk management program

Experience with NIST SP 800-53 security standards

Experience presenting risk information to executive leadership

Bachelor's degree specializing in an information technology field from an accredited college or university, or equivalent combination of directly related education and/or experience

Strong knowledge of and experience applying cybersecurity risk frameworks and assessment methodologies; examples may include Factor Analysis of Information Risk (FAIR), NIST Cybersecurity Framework (CSF)

Strong skills and experience with data analysis

Experience with GRC (Governance, Risk, and Compliance) tools

Knowledge of business impact analysis methodologies

Familiarity with cloud security frameworks (CCSK, CCSP)

Ability to understand technical details of cybersecurity risk

Ability to communicate complicated technical risk scenarios to all levels of the organization

Demonstrated self-motivation and ability to perform work independently, and also collaborate in a team environment