Lead implementation and management of the FRS cyber security framework for the FedNow service
Using AI and automation, design and implement solutions to mature the GRC function in the DevSecOps framework (e.g., Policy as Code, CI/CD pipeline compliance checks)
Lead and coordinate the implementation of security control requirements and related processes based on Federal Reserve information security framework and standards and in support of FedNow DevSecOps.
Review and analyze cloud vendor and inherited service provider security posture, e.g., FedRAMP packages, establish control ownership, and identify control gaps and associated risk.
Document and maintain a detailed data and information element matrix for system services highlighting sensitive and PII data and develop records for system security documentation including system security plans and associated security and operational processes.
Identify control gaps and complete risk assessment for control deficiencies.
Design plans of action to address control gaps or risk acceptance.
Develop, obtain, and maintain approval documentation.
Coordinate security reviews and collaborate with security, assessment teams, and business and technical stakeholders to complete the reviews on schedule.
Gather and present authorization packages including analysis and information on security posture and plans for continuous control assurance.
Requirements
Bachelor’s degree
Minimum of 6-10 years of relevant job experience
Knowledge and experience with AI capabilities
Technical experience with GRC engineering activities strongly preferred
Knowledge of risk management principles and industry-standard security risk management frameworks (e.g., NIST, ISO, FedRAMP)
Experience in applying security frameworks and risk management activities in a cloud environment strongly preferred.
Must possess or be able to obtain appropriate industry certifications such as the CISSP, CRISC, and/or CCSP
Proven ability to prioritize, reprioritize and demonstrate appropriate agility to manage competing and sometimes conflicting priorities.
Strong attention to detail and work ownership and accountability.
Strong oral and written communication skills.
Proven project management skills and the ability to lead and direct technical and business teams without formal authority.
A self-starter willing to explore and learn new areas and concepts, promoting and supporting innovation.