Company
Federal Reserve Bank of Boston
The requirements for this position are local to Boston area candidate with proof of US citizenship or Permanent Residency and must have resided in the United States for at least the past three (3) years.
The Third-Party Risk Management Analyst position will be a member of the Third-Party Risk Management organization within National IT. This Analyst will be a part of a team responsible for assessing the information security practices and posture of new and existing third parties for the Federal Reserve System. This role could have additional TPRM responsibilities supporting the identification, assessment, and mitigation of risks related to National IT's managed third-party relationships.
This position will leverage various sources of data to assess the security program and associated risk management practices of the Federal Reserve's suppliers, highlight risks, and control gaps associated with the supplier's security program, categorize the potential risks based on severity, and identify potential mitigation strategies. The position is also responsible for translating the results of the analysis into a business consumable format and delivering those results to business, legal, and procurement teams to advise risk decisions.
Additionally, the analyst will be responsible for identifying, performing, and tracking continuous monitoring activities to ensure that risks associated with active suppliers are appropriately managed and mitigated.
This position will participate in cross-functional teams to address information security policy, vendor risk management, or compliance issues. This position will determine best practices, suggest how to improve current practices, and monitor those practices.
Key Responsibilities (including, but not limited to the following):
• Conduct comprehensive third-party cyber security assessments utilizing a NIST-based framework; evaluate the security posture of third parties to identify vulnerabilities, gaps, and areas of non-compliance; and identify and recommend security controls, best practices, and risk mitigation strategies in alignment with industry standards and regulatory requirements.
• Generate detailed reports that provide in-depth analysis of assessment findings, including identified risks, control deficiencies, and recommended remediation actions for vendor engagements.
• Engage with customers and stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions for vendor engagements.
• Work as part of a cross-functional team to perform assessments on new and existing vendors to understand any potential threats to the Federal Reserve System, advising Federal Reserve stakeholders on any mitigations needed to reduce potential threats.
• Review and interpret results of vendor audit reports and attestations (such as SOC2 reports); identify deficiencies and areas for remediation and advise appropriate stakeholders on findings. May conduct or coordinate periodic vendor audits, in collaboration with Vendor Managers, Internal Audit, and other internal teams as needed.
• Provide coordination and reporting for third-party risk activities including vendor outreach related to cybersecurity breaches and zero-day vulnerabilities.
• Leads process improvement and long-term information security solution discussions and presents outcomes in written and verbal format to senior management.
• Key participant in project development surrounding new processes and the integration of new processes with existing ones. Assists in developing communications of these changes to impacted stakeholders.
Education and Experience:
• Bachelor's degree in computer science, information systems, or other related fields, or equivalent combination of work experience and education
• Should possess or be able to achieve Industry recognized certifications within the domains of information security (e.g., CISSP, GIAC, CISM, CISA, CTPRP, CCSP, etc.)
• 3 years of experience performing cyber security assessments, with a specific focus on third-party assessments and utilizing a NIST-based framework (e.g., NIST 800-53, NIST CSF).
• Experience with compliance and security audits, and risk mitigation plans. Experience developing and completing vendor risk assessments for enterprise-level vendor relationships. Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc.). Familiarity with third party risk and governance concepts.
Knowledge and Skills:
• In-depth understanding of cyber security principles, concepts, and best practices, including risk assessment methodologies and security control frameworks.
• In-depth understanding of regulatory requirements and industry standards related to third-party cyber security, such as GDPR, CCPA, HIPAA, PCI DSS, ISO 27001, etc.
• Advanced use of cyber security assessment tools and external vendor information sources; and applying open-source intelligence methodologies.
• Excellent analytical and problem-solving skills, with a proven ability to identify and assess risks in simple assessment scenarios and propose effective solutions.
• Strong written and verbal communication skills, including the ability to effectively present simple technical information to non-technical stakeholders.
• Demonstrate strong customer service skills to ensure a smooth evidence collection experience for both clients and vendors.
• Ability to explain and articulate technical concepts to non-technical stakeholders and follow basic troubleshooting steps to work through issues.
The Federal Reserve Bank is committed to a diverse, equitable and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years. All candidates must undergo an enhanced background check and comply with all applicable information handling rules.
The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.
For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.
The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior employers.
All applicants must have resided in the United States for at least three (3) years.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Yes
Job Category
Work Shift
First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.
Privacy Notice
Top Skills
What We Do
As part of the Central bank of the United States, the Boston Fed works to promote sound growth and financial stability in New England and the nation. We contribute to communities, the region, and the nation by conducting economic research, participating in monetary policy-making, supervising certain financial institutions, providing financial services and payments, playing a leadership role in the payments industry, and supporting economic well-being in communities through a variety of efforts.
Why Work With Us
At the Boston Fed, we believe in diversity and the strength that comes from diverse perspectives, ideas, and approaches to solving important business problems. We also recognize that benefits and compensation play a central role in the employer you choose. We work to make sure our compensation package is competitive with those of top employers.
Gallery
Federal Reserve Bank of Boston Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Most jobs are eligible for a hybrid schedule with some on-site work expected. Additionally, remote roles are available and have been labeled as such.