FedNow Lead Cyber Risk Engineer

Company
Federal Reserve Bank of Boston

Federal Reserve Financial Services (FRFS) delivers a suite of payments services to financial institutions via FedLine Solutions, Fedwire Funds and Securities, the National Settlement Service (NSS), FedCash 1, FedACH , Check Services, and the FedNow Service. FRFS operates as a fully integrated organization with groups dedicated to customer experience, operations, technology, product and customer/industry management, enterprise services, payments system improvement, and one focused on the ongoing growth and development of the FedNow instant payment service. Our strategy defines our future direction, seeking to offer a fully integrated product suite that provides speed, resilience, and choice in meeting the payments needs of FRFS customers across the United States. Through our Enterprise structure, we strive to meet the needs of the marketplace for new products and services with speed and agility, seek to provide a robust and unified customer experience, and work to create career growth opportunities for FRFS staff.

The FRFS Enterprise operates with a customer-first mindset, comprised of team members seeking to do the best work of their careers in pursuit of our important central bank mission.

The Federal Reserve has developed a new interbank 24x7x365 real-time gross settlement (RTGS) service with integrated clearing functionality, called the FedNow Service. This service enables financial institutions to provide their customers with the ability to send and receive payments any time, any day, and have full access to those funds within seconds. This position is a unique opportunity to be part of this mission-critical Federal Reserve initiative that is transforming the payments landscape in the United States.

The position will be primarily on-site with residency commutable to one of our offices required.

This position is responsible for leading implementation and management of the FRS cyber security framework for the FedNow service. Lead Cyber Risk Engineer reports to Sr Cyber Risk Manager.

Key Responsibilities

• Augmenting AI and automation, design and implement solutions to mature GRC function in the DevSecOps framework (e.g., Policy as Code, CI/CD pipeline compliance checks).

• Lead and coordinate the implementation of security control requirements and related processes based on Federal Reserve information security framework and standards and in support of FedNow DevSecOps. This includes executing security activities based on NIST frameworks and related assessment activities for FedNow information systems.

• Review and analyze cloud vendor and inherited service provider security posture, e.g., FedRAMP packages, establish control ownership, and identity control gaps and associated risk.

• In coordination with various stakeholders, document and maintain a detailed data and information element matrix for system services highlighting sensitive and PII data and develop records for system security documentation including system security plans and associated security and operational processes.

• Identify control gaps and complete risk assessment for control deficiencies. Design plans of actions to address control gaps or risk acceptance. Develop, obtain, and maintain approval documentation.

• Coordinate security reviews and collaborate with security, assessment teams, and business and technical stakeholders to complete the reviews on schedule. Review assessment results, identify and document residual risks and action plans.

• Gather and present authorization packages including analysis and information on security posture and plans for continuous control assurance. Coordinate and obtain appropriate authorizations and sign-offs.

• Manage a portfolio of continuous assurance and compliance activities including ongoing control monitoring and data-driven reporting on FedNow users, process, and technology to guide risk management decisions. Identify and operationalize opportunities for process efficiencies especially through automation.

• Maintain ongoing awareness of developments of FRS and external (as applicable) security frameworks, guidance, and innovation.

Knowledge, Skills and Experience Required

• To be successful in this role, you'll need to be curious, adaptable, and eager to solve complex challenges with technical solutions (e.g., scripting, coding etc)
• Technical experience with GRC engineering activities is strongly preferred
• Possess knowledge and experience with AI capabilities
• Knowledge and experience normally acquired through, or equivalent to, the completion of a Bachelor's degree and a minimum of 6-10 years of relevant job experience
• Possess knowledge of risk management principles and industry-standard security risk management frameworks (e.g. NIST, ISO, FedRAMP).
• Experience in applying security frameworks and risk management activities in a cloud environment is strongly preferred.
• Possess knowledge about or have experience in supporting payments applications or platforms.
• Must possess or be able to obtain appropriate industry certifications such as the CISSP, CRISC, and/or CCSP. Must possess or be able to obtain FRS security risk management certification.
• Must possess or be able to obtain appropriate industry relevant cloud certifications.
• Proven ability to prioritize, reprioritize and demonstrates appropriate agility to manage competing and sometimes conflicting priorities.
• Strong attention to detail and work ownership and accountability.
• Strong oral and written communication skills.
• Proven project management skills and the ability to lead and direct technical and business teams without formal authority.
• Ability to flexibly adapt to a rapidly changing environment and generate effective and innovative solutions to address change.
• A self-starter who is willing to explore, learn new areas and concepts, and promote and support innovation.

Supervision

• This position will not directly supervise employees.

Other Considerations

• Periodic Travel within U.S. may be required - 10-15% of time

The role has a potential for an on-call designation.

The salary range for this position is $ 154,300 - 192,900 - 231,500 . The Boston Fed believes in salary transparency. The final salary and offer will be determined by the applicant's background, skills, internal equity, and alignment with market data. Whether you're developing into the job or are a more seasoned candidate, we aim to pay competitively.

The Federal Reserve Bank of Boston is committed to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.

All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.

For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.

The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior employers.

All applicants must have resided in the United States for at least three (3) years.

Full Time / Part Time
Full time

Regular / Temporary
Regular

Job Exempt (Yes / No)
Yes

Job Category
Internal Oversight & Governance Family Group

Work Shift
First (United States of America)

The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Always verify and apply to jobs on Federal Reserve System Careers ( ) or through verified Federal Reserve Bank social media channels.

Privacy Notice