Key Responsibilities
Management and support of user identity and access management including validation and tracking of background screening; user access provisioning and deprovisioning; user role reviews and updates; providing oversight and compliance with access management guidelines for scoped technologies.
Execute periodic compliance certifications and reviews as they relate to continuous monitoring requirements. Analyze and address access compliance gaps identified during reviews and help develop solutions to avoid future gaps as needed.
Manage security testing calendar: schedule and coordinate periodic security testing engagements such as annual security continuous monitoring testing, penetration testing, and other applicable testing engagements. Assist in coordinating and documenting testing scope and providing required access, evidence and follow-ups.
As required, assist with the coordination and management of security findings.
Coordinate security training enrollments and follow-ups. Provide a periodic review and report on completion rates, and escalate cases of non-compliance to management in a timely manner.
Assist in developing, gathering, and contributing to data-driven performance and risk indicators related to compliance and operational activities as they relate to the overall security posture.
Assist in supporting audit requests and activities, including coordinating audit evidence gathering and submission during audit engagements. This may involve independent evidence gathering or collaborating with various team members to obtain information to satisfy audit requests. Post-audit, manage audit findings through control gap management processes and full closure of control gaps.
Continuously assist the broader security team in identifying process and control improvements through escalating discovered control gap patterns and implementing relevant process improvements as required.
Knowledge, Skills and Experience Required
Knowledge and experience normally acquired through, or equivalent to, the completion of a Bachelor’s degree and a minimum of 3-5 years of job related experience.
Possess knowledge of risk management principles and industry-standard security risk management frameworks (e.g. NIST, ISO, FedRAMP).
Appropriate industry certifications such as the CISSP, CRISC, and/or CCSP are highly desirable. If not already possessed, internal security certification must be obtained after starting the role.
Proven ability to prioritize and reprioritize, demonstrating appropriate agility to manage competing and sometimes conflicting priorities.
Proven team management and project management skills to lead/direct technical and business teams to achieve common goals.
Ability to flexibly adapt to a rapidly changing environment and generate effective and innovative solutions to address change.
Experience working with the Agile framework is highly desirable.
Strong oral and written communication skills.
Self-starter with the ability to explore and learn new areas and concepts.
The Federal Reserve Bank of Boston is committed to a diverse and inclusive workplace and to providing equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
All employees assigned to this position will be subject to FBI fingerprint/criminal background and Patriot Act/Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.
For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.
The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior employers.
All applicants must have resided in the United States for at least three (3) years.
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.