Area Overview: Information Security New York (ISNY) is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank.
Principle Duties and Responsibilities: The Senior Cloud Cybersecurity Technical Expert leads the execution, and enhancements of the Bank's cyber security risk assessment and management program. The position resides in the Information Security Function and reports to the Head of the Risk Assessment and Management Department. Specifically, the role will be responsible for leading and overseeing: • Cyber Cloud security testing and assessments that assess the security posture of information system boundaries • Lead cyber security assessments program development, execution and maintenance • Lead cyber Risk management activities are executed appropriately and in accordance with the Bank's three lines of defense framework
Required Technical Skills:
Experienced in conducting technical assessments on SaaS, IaaS, and PaaS solutions.
Strong knowledge of secure software development life cycle (SSDLC), microservices architecture, application containerization, DevSecOps, and experienced in security testing tools/methods such as, SAST, IAST, and RASP.
Strong knowledge of information security landscape, Cloud security solutions, and current and emerging security threats.
Important Knowledge and Skills:
Experienced in performing security risk assessments using FedRAMP for the Cloud.
Strong understanding of industry standard information security control frameworks, particularly with respect to Cloud assessments.
Experienced working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
Advise and educate IT teams on emerging Cloud vulnerabilities and mitigation tactics.
Demonstrate experience in the area of risk and controls across various IT platforms especially Cloud infrastructure and applications.
Ability to understand, and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate into business risks. Be able to recommend security solutions and remediation.
Strong knowledge of information security landscape, security solutions, and current and emerging security threats.
Exceptional analytical, critical thinking and decision making skills.
Ability to manage, prioritize, and complete multiple projects and tasks simultaneously within defined time frames.
Must be organized, self-motivated, and able to work independently with minimal supervision.
Candidate must have a minimal 3-5 years of experience with an information security team with overall 7-9 years plus of overall experience.
Possession of or the ability to obtain U.S. Government Security Clearance, which includes U.S. Citizenship
The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.