This role is responsible for modernizing the methods and procedures for performing cybersecurity risk management and assessing cybersecurity risk. This involves assessing the current approach, data, and tools to identify gaps and enhancements. It requires strong partnerships with key stakeholders and business leaders, conveying cyber risk to them in a way that allows them to make risk informed decisions and improve the Organization’s security posture.
Important Information
Open to US Citizens, Green Card holders or Permanent Residents with at least 3 years of residency.
No sponsorship is available. Candidates must have valid work authorization, without an end date to be considered. No H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.
This position requires working on-site with 5 days per month remote work flexibility.
Key Activities
Risk Assessment & Analysis
Modernize the current approach to cybersecurity risk management and assessments.
Research and evaluate methodologies and frameworks and subsequently apply them for use in the organization.
Identify and implement risk quantification and scoring approaches within the organization.
Perform in-depth data analysis to identify patterns, trends, and areas of focus and priority.
Incorporate threat intelligence into risk assessments to provide context-aware risk evaluations.
Conduct business impact analyses to understand how security incidents affect critical business functions.
Evaluate and quantify risks associated with third-party vendors and supply chain.
Assess specific risks related to cloud environments and services.
Program Development
Develop reports and dashboards to illustrate the organization's risk posture.
Ensure that cybersecurity risk is integrated with IT risk, and informs overall Enterprise risk.
Research and identify options to establish a risk register.
Develop and track risk treatment plans including mitigation strategies, acceptance justifications, or transfer options.
Map cybersecurity risks to relevant regulatory requirements and compliance frameworks.
Continuously improve risk management processes based on industry trends and organizational needs.
Communication & Collaboration
Meet with technical experts and business leaders to convey cybersecurity risk in a way they can understand.
Partner with incident response teams to incorporate lessons learned into risk models.
Translate complex technical risk scenarios into actionable insights for all levels of the organization.
Qualifications
Experience
Typically requires at least 6 years of relevant cybersecurity risk management experience.
Experience with risk scoring methods and risk quantification.
Experience with generating reports and dashboards to convey cybersecurity risk in a way that is easy to consume.
Experience establishing or running an Enterprise cybersecurity risk management program.
Experience with NIST SP 800-53 security standards.
Experience presenting risk information to executive leadership.
Education & Certifications
Bachelor's degree specializing in an information technology field from an accredited college or university, or equivalent combination of directly related education and/or experience.
Information Security industry certification (SSCP, CISSP, GIAC, CISM, CISA, etc.) preferred.
Technical Knowledge
Strong knowledge of and experience applying cybersecurity risk frameworks and assessment methodologies; examples may include Factor Analysis of Information Risk (FAIR), NIST Cybersecurity Framework (CSF).
Strong skills and experience with data analysis.
Experience with GRC (Governance, Risk, and Compliance) tools.
Knowledge of business impact analysis methodologies.
Familiarity with cloud security frameworks (CCSK, CCSP).
Skills & Abilities
Ability to understand technical details of cybersecurity risk.
Ability to communicate complicated technical risk scenarios to all levels of the organization.
Demonstrated self-motivation and ability to perform work independently, and also collaborate in a team environment.
Additional Information
How We Work (HWW):
On-site: 5 days per month remote work flexibility
Location: Kansas City, Denver, Oklahoma City, Omaha
Remote Eligible: No
Salary:
$98,600 - $139,000 / Senior Level
$117,300 - $165,400 / Advanced Level
Final offers are determined by factors including the candidate’s qualifications, internal alignment considerations, district assignment, and geographic location.
Screening: US Citizens or Green Card holders and Permanent Residents with at least 3 years of residency. This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and could take up to a couple of months to complete. You can begin work before the screening is completed; however, continued employment is contingent on acceptable screening results. The areas screened may include education/employment verification, criminal history, credit history, and reference checks.
Sponsorship: The Federal Reserve Bank of Kansas City will not sponsor a new applicant for employment authorization for this position. Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.
About Us
Follow us on LinkedIn, Instagram, X (formerly Twitter), and YouTube #KCFedIT
The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.