Lead IT Security Analyst


Preferred Location: San Francisco, CA
Other Location(s): Los Angeles, CA or Seattle, WA or Salt Lake City, UT or Phoenix, AZ or Portland, OR

The Federal Reserve Bank of San Francisco is looking for a Lead IT Security Analyst to join our Information Security team. The Federal Reserve has a global mission and offers leading edge work in a stable environment with competitive pay, superior benefits AND a true “work life balance”. If you desire to be part of a world-class team and to develop your skills and experience beyond anything available in the commercial sector, the Federal Reserve is the place for you.

The mission of the SF Fed, one of twelve Districts within the Federal Reserve System (FRS), is to promote low inflation, full employment and financial stability, and provide services to financial institutions. As the largest District by geography and size of economy, the importance of our success cannot be overstated.

What we are looking for:
In this role, you will perform at an advisory level and leverage your experience in Cyber Risk Management and Information Security to develop positive working relationships and collaborate with various District organizations to advise on all efforts related to “Security Assurance for the Federal Reserve” (internally known as “SAFR”) for internal technologies and external service providers. 
Our ideal candidate has a strong technical Cyber Security background and is confident providing security advice to leaders all the way to the executive level. You should also enjoy the “art” of partnership, building trust and influence with technical and non-technical partners.

What you will do:
You will work with the rest of the Risk Management and Assessment Function to perform threat modelling, risk assessments, security control evaluations, and architectural reviews. You will work with business partners to collect relevant information for both on premises systems and third-party systems. You will provide risk guidance to ensure that senior leadership understands how accepted risk matches with the risk appetite of the organization. 

Essential responsibilities:

  • Provide advice and support to the 12th District risk strategies, identify risks in the Bank’s processes and technologies, and lead improvement initiatives to minimize risk. The ideal candidate for this role will have the ability to blend and utilize their technical, organizational, business, and cyber security skill sets.
  • Create and analyze threat models to identify risk and architectural design improvements
  • Understand technical implementation details necessary to assess security risk and recommend security control improvements or identify mitigating controls
  • Support and ensure compliance with Bank and FRS security controls, policies, and procedures
  • Drive education of process/control owners, so they better understand the controls framework and their operational responsibilities
  • Perform complex analysis of security issues and proactively examine for and recommend sustainable solutions utilizing established methodology and tools within risk and compliance areas
  • Partner with developers and business areas to understand their technical and business requirements and help enable them to do their work securely
  • Communicate security risk and implications to stakeholders at all levels
  • Actively lead workgroups and initiatives within the department, District, System, and with external business partners
  • Influence policy, procedures, and practices within the District and System
  • Mentor, train, and positively influence junior members of the function
  • Bachelor's degree in Computer Science/Information Technology/Cybersecurity, or related disciplines and/or equivalent work experience
  • Typically requires 8+ years of experience in cybersecurity including: security advising, security assessment, security architecture, and/or security engineering
  • Expertise in working with development teams/others to create threat models and understanding relevant threats and mitigations
  • Experience with and understanding of Cloud (AWS or Azure) architecture and services and their implications for security
  • Familiarity with NIST 800 special publications, FedRAMP and other risk frameworks
  • Demonstrated ability to explain complex IT and data related issues to non-expert, non-IT staff and management in a manner that allows clear comprehension of the risk implications
  • Deep collaboration and influencing skills
  • Excellent consultative skills and the demonstrable ability to work effectively with business partners, internal management and staff, and vendors and consultants
  • Strong critical thinking, analytic and problem-solving skills
  • Must be a U.S. Citizen
Desired skills:
  • Meaningful industry certifications such as AWS Security Specialty, Azure Security Engineer Associate, CISSP, CRISC, and/or CCSP
  • Experience performing security code reviews and testing (automated and manual)
  • Experience with coding/scripting, CI/CD development pipelines, multi-factor authentication (MFA), vulnerability scanning and results analysis, Active Directory, Group Policy Objects, security control testing, penetration testing, and/or vulnerability research
At the Federal Reserve Bank of San Francisco, we offer other wonderful benefits including: Dental, Vision, Pre-tax Flexible Spending Account, Backup Child Care Program, Pre-tax Day Care Flexible Spending Account, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and a Retirement / Pension.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

At the Federal Reserve Bank of San Francisco, we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer.