Examiner II or Senior Examiner - Risk Specialist (Cybersecurity Examiner)
The Federal Reserve Bank of Cleveland is part of the nation's central bank. We have provided many opportunities for professional growth during our history.
For nineteen years in a row, we have been named "One of Northeast Ohio's Best Places to Work" by North Coast 99. This prestigious award honors organizations with outstanding employment practices, including compensation, benefits, training, recruitment, retention, community services, and employee communications.
At our state-of-the-art Cleveland Office we are seeking innovative thinkers with vision to build the framework that will carry the Bank into the future. Join our team!
This position requires access to confidential supervisory information and/or FOMC information, which is limited to "Protected Individuals" as defined in the U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, and U.S. permanent residents who either are not yet eligible to apply for naturalization or who have applied for naturalization within the requisite timeframe. Candidates who are not U.S. citizens or U.S. permanent residents may be eligible for the information access required for this position and sponsorship for a work visa, and subsequently for permanent residence, if they sign a declaration of intent to become a U.S. citizen and meet other eligibility requirements.
In addition, all candidates must undergo an enhanced background check and comply with all applicable information handling rules, and all non-U.S. citizens must sign a declaration of intent to become a U.S. citizen and pursue a path to citizenship.
Cyber Security Risk Specialist
Operations Risk & Resiliency
This position can be located in: Cleveland, Cincinnati or Pittsburgh
The Cyber Security Risk Specialist will conduct cybersecurity risk management examinations primarily for large/complex financial institutions (FIs) and significant service providers (SSPs) under our supervisory authority. This specialist will serve as a Federal Reserve System subject matter expert. This specialist will be responsible for assessing FI/SSP cybersecurity and operations risk management programs, information technology operations, and management information systems to ensure they are operating in a safe and sound manner and complying with applicable banking laws, regulations, and policy statements. This specialist will lead and/or participate in national examinations for information security and cybersecurity, including assessing business resiliency and vendor risk management.
Essential Job Responsibilities
Leads or participates in cybersecurity examinations to determine the effectiveness of FIs' and SSPs' cybersecurity programs and validate their remediation of identified issues.
Leads or participates in Federal Reserve System and local cybersecurity initiatives related to training, committees and development of policy statements to enhance the supervision of FIs and SSPs.
Perform continuous monitoring across the FI and SSP portfolio to understand micro (institution specific), horizontal (industry wide/peer), and macro (financial system supervision) cybersecurity risks.
Prepares informative, well supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings and required actions to senior management and board of directors.
Prepare supervisory plans for relevant and effective risk based supervision factoring in the size and complexity of the target firm.
Prepares and delivers written analyses and presentations on FI and SSP specific and industry trends or emerging risk.
Analyze information and determine an estimated risk and potential impact to the financial institutions and financial services industry.
Develop and maintain ongoing relationships with supervisory personnel at the Board of Governors and Reserve Banks, across other regulatory agencies, as well as senior management and directors of FIs and SSPs to ensure strong communication of supervisory expectations.
Maintain a global awareness of relevant regulations, laws, emerging issues, trends, and ongoing developments in financial services.
A minimum of 7 years of direct work experience for Examiner II, or 10 years of direct work experience for Senior Examiner, auditing or managing security and technical controls using industry-standard frameworks such as FFIEC, NIST, SANS, and ISO.
Bachelor's degree in computer science or related field.
Currently holds an industry-recognized information security certification (e.g., CISSP, CISA, CEH and/or vendor certifications) preferred.
Experience working in regulatory/government agencies or financial services is ideal.
Regulatory Agency Examiner Commission is preferred but not required.
Knowledge and Skills
Advanced knowledge in information security/cyber security, risk management, end point and server technologies, network management/architecture, intrusion detection and prevention systems, vulnerability/pen testing management, and patch management systems. This individual serves as a subject matter expert within these areas.
Ability to evaluate an institution's information security program and provide expert advice on its ability to identify, protect, respond, and recover from business disruptions.
Ability to analyze threat intelligence reports to identify vulnerabilities, understand how they could be exploited, and the potential impact to the financial industry.
Critical thinking and decision making abilities. The ideal candidate makes good decisions based on a mixture of analysis, wisdom, experience and judgment.
Strong analytical, written and oral communication including strong presentation and negotiation skills in dealing with all levels of management, boards of directors and other regulatory agencies.
Sound analysis, problem solving and judgment skills. The ideal candidate is sought out by others for advice and solutions due to their expertise. Further, the ideal candidate recommends solutions and suggestions that turn out to be accurate when judged over time.
Strong time management skills and ability to prioritize multiple work streams.
Ability to work on cross-functional teams with various stakeholders on assignments under tight deadlines.
Ability to understand and translate complex technical issues into business implications for technical and business representatives.
Maintains ongoing awareness of current and emerging information regarding security threats, techniques and landscape.
Up to 75% overnight travel during the course of the year. Travel may be to various locations throughout the U.S.
Traditional office environment: Employees typically sit most of the day, work with a computer and may answer/respond to phone calls. Physical movement consists of walking for meetings, breaks, etc. Ability to lift items weighing approximately 20 pounds on a limited basis is required. Addendum as needed: Employees may be required to travel by car/air.