Information Technology (IT) Risk Specialist

Company
Federal Reserve Bank of Boston
When you join the Federal Reserve-the nation's central bank-you'll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We dedicate more than $1 billion to technology each year to support the Federal Reserve and our economy, and we're building a dynamic and diverse team for our future.
Bring your passion and expertise, and we'll provide the opportunities that will challenge you and propel your growth-along with a wide range of benefits and perks that support your health, wealth, and life.
A requirement of this position is that the employee must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank's vaccination policy; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.
This job is eligible for a hybrid schedule with some on-site work expected.
The Information Technology (IT) Risk Specialist leads and participates in reviews and examinations that evaluate the effectiveness of IT risk management practices for a large, globally systemic financial institution under Federal Reserve supervisory authority. As a member of a dedicated supervisory team, you will assess risks and the risk management programs of institutions through participation in on-site examinations and regular monitoring practices of business activities to ensure they operate in a safe and sound manner, and comply with applicable banking laws, regulations, and policy statements. You will also share knowledge within the DST, being a valuable member by holding yourself accountable and being receptive to feedback.
The IT Risk Specialist will use sound analysis and reason to develop conclusions and recommendations on complex issues including elevating the effectiveness of management, supervisory communications, and risk management practices under review. Through your recommendations, you will negotiate, influence actions, and resolve any conflicts that arise. The IT Risk Specialist may also provide leadership or coordinate assistance to support national supervision program management.
Responsibilities:

• Lead or participate in risk-focused examinations, providing well-supported written conclusions and findings for inclusion in supervisory reports. Effectively communicate complex supervisory findings, including required actions, to firm and Federal Reserve System (System) management.
• Develop and maintain expertise in IT (including cybersecurity) risk, as well as supervisory expectations and industry practices in those areas.
• Synthesize information from multiple sources to identify industry trends and emerging issues. Identify the implications of these trends, both at the micro and systematic levels and propose approaches to identified issues.
• Develop an understanding of supervisory rating systems applied to large banks (LFI ratings).
• Assist in the development of firm risk assessments and supervisory strategies, and the vetting of examination scopes and findings. Provide briefings to System staff and others in the supervisory community.
• Develop comprehensive, creative and agile approaches to evaluating risks. Devise methods to more efficiently incorporate Federal Reserve data, market-based surveillance products, and technology into the ongoing supervisory process.
• Evaluate developments impacting the firm's risk profile through analysis of internal risk management reports and interactions with institution management. Support an overall assessment of the firm's governance and controls-related programs and processes.
• Identify emerging institutional, regional, economic, and industry issues and their potential impact. Maintain an awareness of potential changes to key rules, laws and regulations, and supervisory policies.
• Maintain strong relationships and liaisons with System colleagues, institution management, and other regulatory agencies.
• Provide coaching, training, and mentoring of less experienced colleagues.
• This position does not directly supervise others. The ability to travel is required.

Knowledge and Experience:

• Knowledge and experience normally acquired through, or equivalent to, the completion of a Master's degree and a minimum of 10 years of commensurate financial industry or regulatory work experience. Examiner commission is a plus.
• Appropriate industry certifications (e.g. e.g. CISSP, CISA, CISM, CCSP, etc.) are preferred.
• Proficient technical knowledge of IT and information security risk management programs, measurement tools, models, control frameworks, and risk indicators used to make decisions on IT/cybersecurity risks for an organization.
• Capabilities to evaluate a broad range of financial institutions' IT and information security frameworks, including, risk management and compliance programs, payment processing activities, custody services, investment management and servicing utilities, and resiliency of operations.

• Demonstrated effective written and verbal communication skills, including the ability to communicate technical topics in concise terms that non-technicians can readily understand.

Our total rewards program offers benefits that are the best fit for you at every stage of your career:

• Comprehensive healthcare options (Medical, Dental, and Vision)
• 401K match, and a fully funded pension plan
• Paid vacation and holidays; flexible work environment, healthy workflow
• Generously subsidized public transportation
• Annual tuition reimbursement
• Professional development programs, training and conferences
• And more...

PLEASE NOTE: The Federal Reserve Bank of Boston is committed to a diverse, equitable and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
This position requires access to confidential supervisory information and/or FOMC information, which is limited to "Protected Individuals" as defined in the U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, and U.S. permanent residents who either are not yet eligible to apply for naturalization or who have applied for naturalization within the requisite timeframe. Candidates who are not U.S. citizens or U.S. permanent residents may be eligible for the information access required for this position and sponsorship for a work visa, and subsequently for permanent residence, if they sign a declaration of intent to become a U.S. citizen and meet other eligibility requirements.
All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years. All candidates must undergo an enhanced background check and comply with all applicable information handling rules.
The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Yes
Job Category
Work Shift
First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Privacy Notice