Senior Cybersecurity Risk Management Specialist / Risk Management Specialist

Federal Reserve Bank Chicago, IL

About the Job

Large, Specialized and Regional Bank Division – Supervision and Regulation Department

Job Description

The Cybersecurity Risk Management Specialist will participate in the examination or direct supervision of large, complex financial institutions related to Information Security (IS) Risk as a member of a team or as an Examiner in Charge (EIC). The Risk Management Specialist will be responsible for preparing, reviewing, monitoring, and formulating institution-focused IS supervisory activities. The Risk Management Specialist provides summary analyses regarding the organization’s condition and evolving IS risks through meetings with institution management, including review of institution management reports, participating on and leading onsite visitations and IS-focused examinations. The Risk Management Specialist prepares communications with the Boards of Directors and senior institution management in order to foster positive change. The Risk Management Specialist also directs reviews, evaluates, and approves the work of assigned personnel.

The role acts as an IS risk management supervision resource for Reserve Bank, System, and Board of Governors colleagues and financial institutions. May serve as an IS topics focused instructor and a training lead. May provide input on IS training, supervision, goal development and guidance to staff. May make hiring recommendations and evaluate and/or provide feedback regarding staff performance. May provide IS work direction to others. The level of work required is considered to be advanced and the individual must be able to work under minimal supervision. This job does not have any direct reports.

Essential Duties

· Identifies and assesses significant risks related to information security risks at financial institutions
· Determines the adequacy of implemented information security and supporting technology, systems for mitigating and controlling risks
· Determines the effectiveness of risk management, policies, and procedures, and compliance with laws and regulations
· Monitors a portfolio of complex institutions and provides summary reports on their conditions and changing risks
· Evaluates financial information and/or related IS data, procedures, and controls to arrive at sound, supportable conclusions
· Interprets information and reviews IS data in order to make decisions, establish priorities, and develop hypotheses to facilitate the understanding of events as well as makes projections to forecast IS risk trends
· Provides focused and value-added IS analyses and reports and related correspondence to both outside stakeholders and internal management
· Develops and maintains ongoing relationships with supervisory personnel at the Board and Reserve Banks, across other regulatory agencies, as well as senior management and directors of supervised institutions to ensure thorough communication of examination and supervisory issues to institutions
· Participates in department and system-wide initiatives, including, but not limited to, working with staff from other Reserve Banks, the Board of Governors and other regulatory agencies
· Plans, leads and coordinates ongoing supervision and targeted IS risk focused reviews as Examiner In Charge (EIC), targeted examinations at large, complex banking organizations and technology service or manages special projects with efficient and effective use of available resources
· Gathers and organizes information, derives sound analysis, conducts thorough and accurate work, supports findings and conclusions, makes recommendations and decisions, and follows up, as appropriate
· Develops and recommends supervisory actions to institution management and responses
· Prepares and delivers persuasive presentations, including IS examination conclusions and supervisory issues to institution directors and senior management
· Performs research and supporting analyses related to IS risks, develops and presents recommendations to peers and management
· Provides input into critical project development efforts and implements newly developed or revised initiatives
· Communicates project changes or problems to peers, team members, and/or others
· Provides clear and effective written documents such as supervisory reports, analyses and plans for broad guidance, comprehensive project proposals, and/or complex issues analyses
· May instruct at System and FFIEC schools as well as departmental IS training courses and sessions

Education and Experience

Senior Risk Management Specialist Level

· A minimum of 7 years of direct work experience in Information Security examination or technology risk management
· Master’s Degree in Engineering or equivalent with course work in Information Security (Bachelor’s degree or direct equivalent Information Security industry experience as noted below)
· Currently holds a Certified Information Systems Security Professional (CISSP) designation
· Master’s Degree in Business Administration (MBA) is preferred
· Federal Reserve System Examiner Commission is preferred

Risk Management Specialist Level

· Bachelor's degree or equivalent experience required
· Coursework in Economics, Finance, or Business Administration preferred
· Master’s in Economics, Finance, or Business Administration preferred
· Five plus years of direct work-related experience
· Two plus years in risk area of expertise required
· Understanding of risk focused supervision and processes preferred
· Examiner Commission beneficial

Knowledge and Skills

· Independent thinking and decision-making abilities
· Strong analytical, written and oral communication abilities
· Information Security specific and broad Information Assurance knowledge including fundamental principles and frameworks

Other Requirements

· 30 - 50% overnight travel over the course of the year
· Applicants must be U.S. Citizens or hold green cards with the intent to become a U.S. Citizen
· As a condition of employment, Federal Reserve Bank of Chicago employees must comply with the Bank’s ethics rules which generally prohibit employees, their spouses/domestic partners, and minor children from owning securities, such as stock, of banks or savings associations or their affiliates, such as bank holding companies and savings and loan holding companies. If you or your spouse/domestic partner or minor child own such securities, and would not be willing or able to divest them if you accepted an offer of Bank employment, you should raise this issue with the recruiter for this posting, who can provide you contact information for our ethics official if necessary.

Organization: Federal Reserve Bank of Chicago

Title: Senior Cybersecurity Risk Management Specialist / Risk Management Specialist

Location: IL-Chicago

Requisition ID: 250575