find jobs
job title, keywords or company
city, state or zip code
Cybersecurity Policy Analyst- Senior Level - Supervision Group- Federal Reserve Bank of New York more...
Location:New York, NY
Company:Federal Reserve Bank of New York
First posted:May 24, 2017

Primary Location: NY-New York City

Full-time / Part-time: Full-time

Employee Status: Regular

Overtime Status: Exempt

Job Type: Experienced

Travel: Yes, 15 % of the Time

Shift: Day Job

Individuals will play a key role in securing the cyber networks of the financial institutions (FIs) supervised by FRBNY and also help to secure the broader financial services sector cyber ecosystem. The objectives of this unit are to:

  • Establish and oversee the implementation of a sustainable risk-based cyber risk assessment framework to enhance the existing supervisory and regulatory practices through a measurable time-boxed program;
  • Build partnerships with critical stakeholders within large financial institution, financial industry special interest groups,  representative small, medium and niche financial institutions or consortiums (e.g., SIFMA), domestic regulatory / intelligence community and potentially international regulators (e.g., the BIS) to establish a consistent cyber risk assessment framework;
  • In collaboration with other FRS districts and the Board of Governors, deliver a sustainable and scalable cyber risk assessment model and drive for industry acceptance;
  • Support, influence and sustain a Risk Analysis Competency and Practice Methodology that will enable the FRS supervisory community to adequately identify, evaluate, monitor and measure systemic, current and emerging cyber risks, trends and countermeasures impacting the financial services sector; and
  • Respond quickly to FI cyber vulnerabilities.

Individuals in this job family have expertise in information security and should have or develop proficiency in business continuity and resiliency; especially as it relates to FI cybersecurity. 



Job Responsibilities:

  • Recommend and design policy and standards and construct risk/security metrics that influence the direction of cyber policy and scalable risk assessment model to drive for industry acceptance.
  • Assist with the implementation of the cyber risk assessment framework for identifying cyber risks across the financial services sector and portfolio of firms.  This includes evaluating the effectiveness of governance and practices for managing those risks, and recommending supervisory actions for systems that support critical financial market infrastructure.
  • Develop and contribute to cross-firm analyses that provide insights in systemic, current and emerging cybersecurity risks and trends impacting supervised institutions and the financial services sector as a whole.
  • Provide subject matter expertise in the areas of cyber risk management, and maintain and share current knowledge of emerging threats and vulnerabilities and cyber risk management countermeasures, practices and tools. 
  • Ability to apply knowledge of the financial industry, sound practices, banking principles, regulations and examination procedures and provide insight regarding good cybersecurity risk management practices, countermeasures and controls.
  • Develop relationships with subject matter experts and critical internal and external stakeholders in order to appropriately elicit the information required for the work and influence the outcome of resulting decisions.
  • Communicate to supervisory leaders the conclusions and recommendations from risk analysis work.



Job Requirements:

  • At a minimum, bachelor's degree in business or IT related field.  Preferred certifications include Certified Information Systems Security Professional (CISSP),   Certified Information Systems Auditor (CISA), Project Management Professional (PMP), ITIL Service Manager Certification.
  • 5+ years of relevant experience in information security and risk management.
  • Strong knowledge of information security fundamentals and current security threats, techniques, and landscape.
  • Demonstrated ability in developing, implementing and executing information security and/or risk assessments.
  • Ability to understand and synthesize technical issues to technical and business representatives and translate these to business implications.
  • Ability to think outside of the box and to learn new approaches to modeling problems with a focus on the practical application of the results.
  • Exceptional analytical, critical thinking and decision making skills.
  • Team player with excellent consultative, communication, writing and project management skills.
  • Experience and ability to harness and analyze large sets of heterogeneous data using data analysis and visualization tools and techniques.
  • Ability to obtain and maintain US Security Clearance.


This position requires access to confidential supervisory information, which is limited to "Protected Individuals" as defined in the U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so.



The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.



All interested candidates should submit a cover letter and resume through the Bank's FedCareers website and apply to req 248494.

Send this job to yourself or a friend.

Please mention
if asked how you found this job.