cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Senior Cloud CyberSecurity Control Expert, ISNY - Technology Group-258344

FRBNY: Sr. Cloud CyberSecurity Technical Expert, ISNY - Technology Group-258343

 

Federal Reserve Bank of New York
Primary Location NY-New York City
 
Full-time / Part-time Full-time
Employee Status Regular
Overtime Status Exempt
Job Type Experienced
 
Travel Yes, 5 % of the Time
Shift Day Job
 
 
 
 

 

Area Overview:
Information Security New York (ISNY) is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank.

 

Principle Duties and Responsibilities:
The Senior Cloud Cybersecurity Control Expert leads the execution, and enhancements of the Bank's cyber security risk assessment and management program.  The position resides in the Information Security Function and reports to the Head of the Risk Assessment and Management Department. Specifically, the role will be responsible for leading and overseeing:

  • Cyber Cloud security testing and assessments that assess the security posture of information system boundaries
  • Lead cyber security assessments program development, execution and maintenance
  • Lead cyber Risk management activities are executed appropriately and in accordance with the Bank's three lines of defense framework 

Required Technical Skills:

  • Experienced in performing security risk assessments using FedRAMP for the Cloud.
  • Experienced working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
  • Strong understanding of industry standard information security control frameworks, particularly with respect to Cloud assessments.
  • Strong knowledge of information security landscape, Cloud security solutions, and current and emerging security threats.

Important Knowledge and Skills:

  • Experienced in conducting technical assessments on SaaS, IaaS, and PaaS solutions.
  • Strong knowledge of secure software development life cycle (SSDLC), microservices architecture, application containerization, DevSecOps, and experienced in security testing tools/methods such as, SAST, IAST, and RASP. 
  • Strong understanding of industry standard information security control frameworks, particularly with respect to Cloud assessments.
  • Advise and educate IT teams on emerging Cloud vulnerabilities and mitigation tactics.
  • Demonstrate experience in the area of risk and controls across various IT platforms especially Cloud infrastructure and applications.
  • Ability to understand, and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate into business risks. Be able to recommend security solutions and remediation.
  • Strong knowledge of information security landscape, security solutions, and current and emerging security threats.
  • Exceptional analytical, critical thinking and decision making skills.
  • Ability to manage, prioritize, and complete multiple projects and tasks simultaneously within defined time frames.
  • Must be organized, self-motivated, and able to work independently with minimal supervision.
  • Relevant industry accepted security certifications (AWS, CISSP, CISA, CRISC, SANS, etc.) a plus
  • Candidate must have a minimal 3-5 years of experience with an information security team with overall 7-9 years plus of overall experience.
  • Possession of or the ability to obtain U.S. Government Security Clearance, which includes U.S. Citizenship

Education/Certifications:

  • Relevant industry accepted security certifications (AWS, CISSP, CISA, CRISC, SANS, etc.)
  • Possession of or the ability to obtain U.S. Government Security Clearance, which includes U.S. Citizenship

The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.