Retail Payments Information Security Engineer

Position Summary:

The Federal Reserve is looking for an experienced information security professional with expertise in the areas of information security operations and compliance.  Candidates with exceptional skills and experience in business continuity and project management are preferred. The successful candidate will have a strong understanding of the implementation of information security controls, to include the development and maintenance of information security processes and procedures.  Under very limited direction, the successful candidate will be called upon to maintain the policies and controls for information security used to protect the Bank’s information assets and work with critical and sensitive information on a daily basis. Working closely with other security engineers, the successful candidate will also be called on to conduct control assessments and manage portions of the department’s business continuity plan.  The successful candidate will serve as a security controls subject matter expert for business areas and will participate in system level information security workgroups.  Additionally, the successful candidate will develop and maintain crisis management procedures, business continuity scenarios, and contingency plans for key IT services and business functions.

Key Responsibilities:

• Represents the department in District and System workgroups and initiatives. 
• Leads large scale information security projects and directs team members in execution.
  
• Mentors staff in planning efforts, developing work breakdown structures, and assisting in estimating project budgets.
  
• Consults with owners on policies and standards as they progress through risk management life cycle, including adding new components or modifying existing components; ensures required documentation is created and maintained.
  
• Participates in and leads workgroups to identify issues and vulnerabilities, assess risks, and determine feasible alternatives and costs.
  
• Participates in continuous process improvement efforts for organizational plans, processes, procedures, and other aspects of the program.
  
• Performs vulnerability assessment and management by providing oversight of patch penetration, scanning for vulnerabilities, conducting security analysis of scan results, and validating vulnerability remediation.
  
• Performs event monitoring and incident response by analyzing anomalies, and containing, mitigating, and analyzing cyber incidents. Reports on analysis and provides recommendations.
  
• Develops and tracks metrics and measures to substantiate efficacy of the program.
  
• Creates, edits and publishes technical documentation including information security reports, white papers, technical notes, implementation and configuration guides for a wide variety of audiences.
  
• Provides support and resolution of security problems by analyzing, troubleshooting, remediating, and resolving issues. Advises on the impact of technical changes and exception requests.
  
• Provides support for access reviews and other configuration reviews.
  
• Performs security reviews of requested hardware and software.
  
• Participates in self, internal, and external audit reviews, and risk assessments for the department and end user departments. Guides remediation activities for noncompliance issues by tracking and reporting the status of remediation.
  
• Participates in assessments of suppliers in areas such as, but not limited to, third party vendors and cloud services by evaluating responses against required controls to identify where control gaps exist.
  
• Develops and maintains a comprehensive list of Plan of Action and Milestones (POA&M) and risk acceptances. Develops procedures for monitoring and reviewing results to ensure risk documentation is current.
  
• Develops and maintains strong working relationships with business areas throughout the enterprise.  Advises business lines and IT team on security requirements and best practices.  Optimizes the use of technology to improve the customer experience.  Serves as the subject matter expert for security controls strategy and processes, including audit and privacy requirements. 
• Provides consultations regarding direction of systems and applications to help secure access, data and assets.
  Serves as a liaison with System security staff to ensure consistent and coordinated messaging, training materials, and activities. Collaborates with colleagues to translate technical content into an understandable end-user format.
  
• Plans, develops, and delivers initiatives that promote sound practices to include creation and delivery of specialized business specific awareness training.
  
• Stays current on new and emerging technologies.  Reviews internal, government, academic and commercial sources of information to anticipate new security compliance requirements and identify advancements to best practices for protecting resources and information.
  
• Leads proof of concept, technology evaluation and acceptance testing of security products and processes.
• Demonstrates Information Security Leadership in the District, System and Community.

Education:

• Associate’s degree from a two-year college or technical school with specialization in an information technology field, or equivalent combination of education and/or directly related work experience required.  Bachelor’s degree from an accredited college or university with specialization in an information technology field or equivalent combination of experience, education, and/or certification preferred

Experience:

• Four to Six years of information security experience with a strong understanding of distributed networking, Windows and UNIX operating systems, and database management systems required.  Seven to Ten years of experience preferred.

Knowledge Area/Technical Skills/Certifications and Licenses:

• Certified Information Systems Security Professional (CISSP) or other industry certification required.
• Familiarity with information security frameworks such as NIST/ISACA/ISO required.
  
• Technical experience in interpreted development languages and Microsoft scripting platforms preferred.
  
• Familiarity with information security tools such as vulnerability scanning tools, SIEM tools, and access monitoring tools is preferred.
  
• Knowledge in Network Design & Architecture, Product Testing & Evaluation, and Technical Writing preferred.
  
• Strong project management skills preferred.
  
• Strong business continuity experience preferred.
  
• Leadership experience is preferred.
  Knowledge of the following:
  
  • Access control methods including: access control lists, encryption and key management, and user and group administration
    
  • Vulnerability assessment and vulnerability management methodologies
    
  • Incident response and event monitoring
    
  • Web application scanning
    
  • Computer forensics analysis and laws pertaining to computer forensics
    
  • Penetration testing
    
  • Network and endpoint security
    
  • Common operating systems, such as Windows and Linux/Unix
    
  • IP networking concepts
    
• Advanced analytical, problem solving, design, and implementation skills to facilitate resolution of technical compliance issues and support maintenance of an effective controls environment.
  
• Strong interpersonal and customer service skills, including the ability to explain complex procedures in writing and verbally.
  
• Flexibility to quickly adapt to changing business needs and processes.
  
• Ability to participate in on-call rotation and provide off-hours support.

Individual Competencies

• Demonstrates Self-Awareness
• Problem Solving
• Action-Oriented
• Collaborates
• Communicates Effectively

This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).

The Federal Reserve Bank of Atlanta is an equal opportunity employer.