IT Compliance and Risk Management
Boston, MA, United States
Qualifications:
Requirements - Working knowledge of NIST 800 series Special Publications and IT Security Program.
Knowledge and experience normally acquired through, or equivalent to, the completion of a bachelor's degree and 3 - 5 years of job-related experience.
Certification in related technical discipline desirable. Commencing an engagement at the Client is contingent upon successful completion of a background screening that includes a drug screening, credit check, FBI criminal history, Patriot Act / Office of Foreign Assets Control (OFAC) / Prohibited Parties watch list check, professional reference check, employment history verification, and educational history verification.
Responsibilities:
The Specialist will develop, update, and maintain IT compliance documentation based on Client IT compliance standards.
The individual will conduct regular reviews and assessments to coordinate Client Enterprise Risk Management and Security Assurance for the Client(SAFR) reporting requirements.
Responsibilities - Perform IT compliance, risk assessment, and mitigation. Provide business and technical expertise for compliance including impact level and vulnerability corrective action recommendations and follow-up. Develop, update, and maintain IT compliance documentation based on Federal Reserve IT compliance standards. Conduct regular reviews and assessments to coordinate IT compliance testing and reporting requirements. Analyze IT compliance and risk related policies and standards.
Principal Accountabilities:
Performing activities associated with the Bank's information security framework. This includes assisting business lines completing security control self-assessments, preparing System Security Plan documentation, conducting analysis of security control deficiencies, and monitoring risk management activities.
Providing status reports of progress.
Optionally and skills dependent, candidate could participate in independent security controls testing activities such as technical scanning or management/operational reviews.
Executing continuous monitoring activities, including recurring access reviews, and preparing security-related documentation.
Assisting peers within the Information Security function with ad hoc risk assessments, such as software/hardware compliance reviews.
Knowledge and Experience:
Working knowledge of NIST 800 series Special Publications, FISMA, or equivalent IT security programs.
Background in information technology, information security, computer science, data analysis or equivalent preferred.
Knowledge and experience with risk assessments, security plans, and test and evaluation activities.
Ability to recommend corrective action plans.
Ability to interpret security policies and standards and understand how they can be best applied within an organization.
Good organization skills with the ability to exercise discretion and ingenuity to determine the proper course of action while following established standards.
Ability to be innovative with resourcefulness and a strong drive for results.
Strong communication skills to support team members within the Information Security function and business lines in Client.
Excellent written and verbal communication skills.
Other:
Staff working within the Information Security function are expected to obtain an enhanced clearance (NACI level 2 or equivalent).
Education: Bachelors Degree