← Return to Job Board

Cybersecurity Senior Examiner - Supervision Group

Federal Reserve Bank of New York – NEW YORK CITY, NY, United States - Published On 3/6/19


The Financial Market Infrastructure Risk team’s core mission is to identify, understand and assess the effectiveness of firms’ management of information technology, cybersecurity, operational and model risks and develop cross-institutional perspectives on sound risk management practices in these key risk disciplines.

Job Description
The Cybersecurity Risk Specialist will conduct cybersecurity risk management examinations primarily for financial market infrastructures (FMIs) and significant service providers (SSPs) under our supervisory authority. This specialist will serve as a Federal Reserve System (FRS) cybersecurity subject matter expert. Given the complexity and systemic importance of FMIs that have been designated Financial Market Utilities (FMUs) by the Financial Stability Oversight Council (FSOC) the examiner will pay close attention to firm-wide IT risk management practices. This specialist will be responsible for assessing FMI/SSP cybersecurity risk management programs and associated management information systems to ensure they are operating in a safe and sound manner and complying with applicable banking laws, regulations, and policy statements. This specialist will lead and / or participate on national examinations for information security and cybersecurity, including assessing cyber resiliency and vendor risk management from a cybersecurity perspective.

Essential Duties
• Leads or participates on cybersecurity examinations to determine the effectiveness of a FMI/SSP cybersecurity program and validate their remediation efforts of identified issues.
• Leads or participates on FRS and local cyber security initiatives related to training, committees and development of policy statements to enhance the supervision of FMI/SSP.
• Leads of participates in cybersecurity horizontal reviews sponsored by the FMU steering committee (FMU-SC).
• Perform continuous monitoring across the FMI/SSP portfolio to understand micro (institution specific), horizontal (industry wide/peer), and macro (financial system supervision) cybersecurity risks.
• Prepares informative, well supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings and required actions to senior management and board of directors.
• Prepare supervisory plans for relevant and effective risk based supervision factoring in the size and complexity of the target firm.
• Contribute to cross-firms and firm-specific supervisory analyses and products (e.g., mid-year and annual assessments).
• Prepares and delivers written analyses and presentations on FMI/SSP specific and industry trends or emerging risks related to cybersecurity.
• Analyze information and determine an estimated risk and potential impact to the financial institutions and financial services industry.
• Develop and maintain ongoing relationships with supervisory personnel at the Board of Governors and Reserve Banks, across other regulatory agencies (SEC, CFTC, OCC, FDIC), as well as senior management and directors of FMI/SSP to ensure strong communication of supervisory expectations.
• Maintain knowledge of emerging technologies, threats/vulnerabilities and risk management practices/techniques and its implications to the FMU and SSP ecosystem.
• Maintain a global awareness of relevant regulations, laws, emerging issues, trends, and ongoing developments in the financial services industry.
Education and Experience
• A minimum of 5 years of direct work experience with auditing or managing security and technical controls using industry standard frameworks such as FFIEC, NIST, SANS, and ISO.
• Bachelor’s degree in computer science or related field.
• Currently holds an industry recognized information security certification (e.g., CISSP, CISA, CEH and / or vendor certifications).
• Experience working in regulatory/government agencies or financial services is ideal.

Knowledge and Skills
• Advanced knowledge in information security/cyber security, risk management, endpoint and server technologies, network management/architecture, intrusion detection and prevention systems, vulnerability/penetration testing management, and patch management systems. This individual serves as a subject matter expert within these areas.
• Ability to evaluate an institutions’ information/cyber security program and provide expert advice on its ability to identify, protect, respond, and recover from business disruptions.
• Ability to analyze threat intelligence reports to identify vulnerabilities, understand how they could be exploited, and the potential impact to the financial services industry.
• The ideal candidate makes good decisions based on a mixture of analysis, wisdom, experience and judgment.
• Strong analytical, written and oral communication including strong presentation and negotiation skills in dealing with all levels of management, boards of directors and other regulatory agencies.
• The ideal candidate is sought out by others for advice and solutions due to their expertise. Further, the ideal candidate recommends solutions and suggestions that turn out to be accurate when judged over time.
• Strong time management skills and ability to prioritize multiple work streams.
• Ability to work on cross functional teams with various stakeholders on assignments under tight deadlines.
• Ability to understand and translate complex technical issues into business implications for technical and business representatives.
• Maintains ongoing awareness of current and emerging information regarding security threats, techniques and landscape.
Other Requirements
• Up to 25% overnight travel during the course of the year. Travel may be to various locations throughout the U.S. and overseas.
• PLEASE NOTE: This position requires access to confidential supervisory information, access to which is limited to "Protected Individuals" as defined by regulation of the Board of Governors of the Federal Reserve System. Protected Individuals include, but are not limited to, U.S. Citizens, U.S. Nationals, and lawful permanent resident aliens (also known as "green card holders") but do not include (i) a permanent resident alien who fails to apply for naturalization within six months of the date the alien first becomes eligible to apply for naturalization and (ii) an alien who has applied on a timely basis, but has not been naturalized as a citizen within 2 years after the date of the application, unless the alien can establish that the alien is actively pursuing naturalization. If you are selected for an interview, you will be required to present documentation of your eligibility prior to the interview.
• Applicants selected will be subject to a security investigation and need the ability to obtain and maintain US Security Clearance.

The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.

How to Apply

All interested candidates should submit a cover letter and resume through the Bank’s FedCareers website at and apply to req 259007.

This document was retrieved from on Wed, 24 Apr 2019 20:23:22 -0400.