The Federal Reserve Bank of Philadelphia is one of the 12 regional Reserve Banks that, together with the Board of Governors in Washington, D.C., make up the Federal Reserve System. It helps formulate and implement monetary policy, supervises banks and bank and savings and loan holding companies, and provides financial services to depository institutions and the federal government. The Federal Reserve Bank of Philadelphia serves eastern and central Pennsylvania, southern New Jersey, and Delaware.
Job Summary: Protects the confidentiality, integrity, and availability of the Bank's information assets and computing systems from intentional or inadvertent modification, disclosure, or destruction.
Principal Duties and Responsibilities: Acts as the subject matter expert to business clients and unit management on matters of information security. Serves as a leading customer interface for the Information Security Assurance Unit. Consults with clients regarding information security requirements. Identifies solutions for the most complex client inquiries/business requirements and implements process improvements aligned with information security frameworks and business needs. Optimizes the use of technology to improve the customer experience. Develops and maintains strong working relationships with business areas throughout the enterprise. Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks. Serves as a key resource for creating technical documentation and communication. Holds responsibility for coordinating tasks and deliverables for areas including threat management, incident response or compliance. Provides oversight to Information Security Analyst for security incident operations, responding to event escalation as needed. Provides oversight to Information Security Analyst as they identify (or are notified of), investigate and escalate information security incidents on the district network. Plans, contributes to and participates in exercises to test the security incident response plan. Reviews internal, government, academic and commercial sources of information to anticipate new security requirements and identifies advancements to best practices for protecting resources and information. Drafts local policies, standards, guidelines and procedures to supplement enterprise security frameworks. Creates, edits and publishes technical documentation including information security reports, white papers, technical notes, implementation and configuration guides for a wide variety of audiences. Performs complex security monitoring, security and data/log analysis, and sophisticated forensic analysis, to detect security incidents, and mounts incident response. Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements. Represent the Bank on Incident Response activates at the System level. Performs other related duties as assigned. Fulfills job duties and responsibilities in conformance with sound safety practices.
Principal Duties and Responsibilities: Under limited direction, leads and mentors others involved in the Local Incident Response Team (LIRT). Develops, maintains, and administers incident response playbook and forensic exercises for LIRT staff. Develops and maintains an effective IR plan to ensure readiness for emerging threats. Develops appropriate Key Risk Indicators and management reporting to support the LIRT function.
Education: Bachelor's degree in Computer Science, Information Systems, or other related or equivalent work experience expected. Minimum of 5 years experience in the Information Technology field, with preferably at least 3 years working directly in an information security capacity. Certified Information Systems Security Professional (CISSP) certification or other Information Security certifications expected.
Technical Skills: Expert understanding of Information Security fundamentals, techniques and technologies related to ensuring the confidentiality, integrity and availability of valued information assets. Strong knowledge of various automated security control systems, encryption, message authentication, vulnerability assessment, intrusion detection, penetration testing, incident response, and manual control procedures. Understanding of information security frameworks, network design & architecture, product testing & evaluation, and excellent technical writing ability. Ability to work independently and with very minimal supervision on assignments.
Soft Skills: Strong analytical, planning, problem solving, organizational, oral and written communications and interpersonal skills.
Background investigations including drug testing are required for all new hires as a condition of employment, after the job offer is made. Employment may not begin until the Bank accepts the results of the background investigation.
Applicants must be able to provide work authorization to prove their eligibility to work in the Unites States.
The Federal Reserve Bank of Philadelphia believes that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop, and retain the most talented people from a diverse candidate pool. The Federal Reserve Bank of Philadelphia is proud to be an equal opportunity workplace.