Senior Information Security Assurance Analyst

Compensation Grade:

11

OUR VISION FOR DIVERSITY AND INCLUSION:

FHLBank Atlanta contributes to our members' success through a diverse, inclusive, and engaged culture that enables all individuals to work together to fulfill our purpose.

BASIC PURPOSE:

The Senior Information Security Assurance Analyst position leads security governance activities including performing risk assessments, maintaining security policies and standards, conducting the vulnerability management program, leading the security awareness program, managing security projects, and providing security consulting in support of Bank initiatives. The Senior Information Security Assurance Analyst position also supports other governance functions such as creating/managing Security Governance Committee reporting, audit/assessment coordination, and aligning the governance program with Enterprise Risk Management and IT Governance Risk and Compliance (GRC).

ESSENTIAL FUNCTIONS:

• Conducts system security risk assessments to identify critical assets such as confidential data and reviews controls to ensure effectiveness.

• Leads the development and maintenance of security policies, security standards and risk governance processes. This includes creating new policies and standards, facilitating updates to existing policies and standards, and leading them through the review and approval governance processes.

• Leads the Bank's vulnerability management program, including analysis and reporting of outputs, metrics reporting, and risk assessments for findings.

• Develops, manages and maintains security awareness strategy, coordinating third party services for awareness training, and deploying awareness content via mediums including newsletters, posters, intranet postings and videos.

• Leads the development and maintenance of regular and frequent phishing campaigns to reinforce security awareness and training.

• Educates users in security principles, policy, and practices through daily interaction and security awareness activities.

• Creates and coordinates the Security Governance Committee agenda, works with the committee chair and materials submitters, develops content and memos related to risk areas, conducts review sessions leading up to the committee meeting, and manages follow-up on any actions that derive from the committee meeting.

• Plans, leads, implements, and reports on security projects designed to strengthen security infrastructure, meets regulatory/compliance requirements, and supports the Bank's technology/cyber security strategy.

• Coordinates and leads security penetration assessments performed by internal staff and third parties, including scheduling, identifying resources, ensuring execution, reporting, and facilitating remediation plan development/implementation.

• Evaluates and tests the design and operating effectiveness of IT security controls.

• Provides project support and advisement for both Information Technology and business initiatives requiring security infrastructure and services.

• Supports identity governance administration (IGA) activities to prevent security risks involving Bank data. This includes validation of the timely removal of identity access, role-based access control (RBAC), and identity analytics.

• Establishes processes and procedures necessary to ensure the effectiveness of security controls for information system assets and to protect them from intentional or inadvertent access, disclosure, and destruction.

• Documents, investigates and reports cybersecurity compliance issues and incidents.

• Creates queries and reports to extract data for reporting and statistical research. This includes reporting on metrics as they pertain to the security area to various levels of management.

• Leads and facilitates responses to audit and compliance-related requests such as SOX control reviews, Internal Audit requests, regulator inquiries, and external audits.

• Articulates security-related risks and accountability to key organizational stakeholders.

KNOWLEDGE, SKILLS, ABILITIES:

A strong technical understanding of security products such as firewalls, IDS/IPS, file integrity management systems, endpoint protection, data loss prevention, log monitoring and correlation is recommended.

Extensive experience creating and maintaining information security policies and information system hardening standards.

Skilled at working independently with guidance in only the most complex situations.

Working knowledge of information security and awareness programs, including newsletters and performing phishing exercises to test security awareness.

Strong knowledge of cybersecurity frameworks such as NIST, CIS, ITIL, FFIEC, and COBIT.

Strong communication and interpersonal skills, good presentation and written skills, and strong multi-tasking and analytical skills.

MINIMUM REQUIREMENTS

A bachelor's degree in computer science, information systems, or information security with a minimum of seven years information security/information technology experience, including at least five years of information security experience, or the equivalent combination of education and experience is necessary. Security certification such as CISSP, CISM, CRISC or GIAC is strongly recommended. CISA certification and/or an Information Security Assurance master's degree is desired.

WORK LOCATION:Onsite with an opportunity to work remote partially. This position may not be filled in California, either in-person or remotely.

We are an equal opportunity employer committed to , equity, and inclusion in the workplace.