Federal Reserve Bank (FRB)
Security Compliance Analyst, Senior Analyst or Lead (Finance)
All employees must be fully vaccinated against COVID-19 which includes receiving a COVID-19 vaccine booster or qualifying for an accommodation from the Bank's COVID-19 Vaccination Policy; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.
• To be considered for this position, candidates must be a U.S. citizen.
Treasury Services partners and supports the US Treasury's mission to expand the use of digital transactions across the Federal Government. The group provides strategic-level leadership, industry knowledge and innovative thinking to assist with Treasury's end goal of all-electronic payments and disbursements.
As a part of the Federal Reserve Bank of Cleveland's Treasury Services team, we embrace the challenge of consistently delivering exceptional work to benefit the Treasury, our organization, federal agencies, businesses, financial institutions, and individuals.
Position Summary
For the business lines supported by Cleveland (Pay.gov, Debit Gateway, TCMS/DVS, CIR, eCommerce and any potential future business lines) which are owned by the Department of Treasury's Bureau of the Fiscal Service, the Security Compliance team supports the security posture of multiple systems by ensuring compliance with government and industry frameworks, facilitating security assessments and audits, performing department access reviews, maintaining disaster preparedness, and raising security awareness.
Security Compliance Analyst Essential Accountabilities
1. Collaborate with both internal and external stakeholders to ensure ongoing compliance (FISMA, PCI, FedRAMP, etc.) and security of Treasury Services applications.
2. Support compliance-related initiatives, e.g. development and updating of security plans, to support the Information System Security Officer's responsibilities.
3. Ensure that Fiscal Service Baseline Security Requirements (BLSRs) are adhered to and accurately documented.
4. Process access requests for new hires, transfers, and terminations; perform periodic access reviews to support this process.
5. Provide information security awareness guidelines and policies to department staff; ensure adherence to these policies via activities such as department walkthroughs.
6. Collaborate with the Bank's Information Security department on various compliance tasks.
7. Maintain Business Continuity (BC) documentation for the department.
8. Draft procedures and processes to support security compliance-related activities. (Analyst level)
Security Compliance Analyst Senior Essential Accountabilities
1. Collaborate with both internal and external stakeholders to ensure ongoing compliance (FISMA, PCI, FedRAMP, etc.) and security of Treasury Services applications.
2. Lead or support compliance-related initiatives, e.g. development and updating of security plans, to support the Information System Security Officer's responsibilities.
3. Coordinate annual security assessments with third-party vendors for all Treasury Services applications.
4. Ensure that Fiscal Service Baseline Security Requirements (BLSRs) are adhered to and accurately documented.
5. Process access requests for new hires, transfers, and terminations; perform periodic access reviews to support this process.
6. Collaborate with other Federal Reserve Banks, Fiscal Service, vendors, and payment providers on security issues as well as best practices.
7. Ensure that the department's third-party vendors are compliant with Treasury and FRB security requirements (e.g., SAFR).
8. Maintain Business Continuity (BC) documentation for the department; coordinate or lead Business Continuity exercises with all Treasury Services managers and officers at least annually.
Security Compliance Lead Essential Accountabilities
1. Provide leadership and direction to other members of the team.
2. Lead compliance initiatives for emerging technologies (e.g., Cloud) and new business lines.
3. Collaborate with both internal and external stakeholders to ensure ongoing compliance (FISMA, PCI, FedRAMP, etc.) and security of Treasury Services applications.
4. Lead compliance-related initiatives, e.g. development and updating of security plans, to support the Information System Security Officer's responsibilities.
5. Coordinate annual security assessments with third-party vendors for all Treasury Services applications.
6. Ensure Fiscal Service Baseline Security Requirements (BLSRs) are adhered to and accurately documented.
7. Collaborate with other Federal Reserve Banks, Fiscal Service, vendors, and payment providers on security issues as well as best practices.
8. Ensure that the department's third-party vendors are compliant with Treasury and FRB security requirements.
9. Maintain Business Continuity (BC) documentation for the department; coordinate or lead Business Continuity exercises with all Treasury Services managers and officers at least annually.
Education and Experience
Analyst: Bachelor's degree with 3+ years of related work experience
Sr. Analyst: Bachelor's degree with 5+ years of related work experience
Lead: Bachelor's degree with 7+ years of related work experience
Certifications (preferred)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Analyst Knowledge and Skills - Intermediate level
• Understanding of industry-based security controls relating to applications, services, and systems.
• Knowledge and understanding of security compliance frameworks such as NIST, PCI, FedRAMP, and/or FISMA.
• Experience with risk and security vulnerability management.
• Knowledge of cloud-based platforms and technologies.
• Ability to analyze highly complex business requirements.
• Time management skills, and the ability to prioritize and multi-task.
Senior Analyst Knowledge and Skills - Advanced level
• Thorough understanding of industry-based security controls relating to applications, services, and systems.
• Knowledge and understanding of security compliance frameworks such as NIST, PCI, FedRAMP, and/or FISMA.
• Experience with risk and security vulnerability management.
• Knowledge of cloud-based platforms and technologies.
• Ability to analyze highly complex business requirements.
• Time management skills, and the ability to prioritize and multi-task.
Lead Knowledge and Skills - Expert Level
• Thorough understanding of industry-based security controls relating to applications, services, and systems.
• Demonstrated leadership experience from previous professional roles.
• Knowledge and understanding of security compliance frameworks such as NIST, PCI, FedRAMP, and/or FISMA.
• Experience with risk and security vulnerability management.
• Knowledge of cloud-based platforms and technologies.
• Ability to analyze highly complex business requirements.
• Time management skills, and the ability to prioritize and multi-task.
Physical Demands and General Working Conditions
• Employees typically sit most of the day, work with a computer and may answer/respond to phone calls. Physical movement consists of walking for meetings, breaks, etc. Ability to lift items weighing approximately 20 pounds on a limited basis is required. Employees may be required to travel by car/air.
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.