Position Summary: The Assistant Vice President (AVP) in charge of the National Information Security Assurance (NISA) function is responsible for planning, implementing and maintaining the Security Assurance for the Federal Reserve (SAFR) program, responsive to the current and emerging threat environment and sensitive to evolving business needs. In this capacity, the AVP NISA will set the strategic direction for the enterprise information security (IS) program to include:
- Developing, publishing, maintaining and interpreting the enterprise information security policy, standards, and processes.
- Administering and managing the SAFR program (steady state) as well as the ongoing 'SAFR Improvements' initiative.
- Leading the enterprise Security Awareness and Training program.
- Managing and operating security automation (Rsam).
- Overseeing prioritization and authorization of System-wide security control assessments.
Effectively represents NISA and leads System forums and workgroups, and negotiates and promotes ideas at the System level with senior IS, IT and business management.
Frequently interacts with officials, managers, and staff of System, Board of Governors, IS/IT governance bodies, IT management, Audit, and others to identify, clarify, coordinate, and interpret complex IS policy, risk management, and compliance issues.
This position reports to the Group Vice President, Enterprise Information Security and Resilience. The successful candidate will be a visionary and experienced Information Security Leader who has experience in data security and risk management, has an excellent grasp of the cyber threat environment, and has a track record of assisting organizations in making balanced and informed risk decisions.
Position Responsibilities:
- Develop, maintain and interpret SAFR Policy, Standards, Processes and Life Cycle documents, providing a comprehensive set of policies and controls required to effectively manage risk to Federal Reserve information systems. Manage and facilitate the approval of enterprise security checklists.
- Provide direction to 'maintain' Trust Model relationships with Board of Governors and Treasury. Provide information security consulting services to IS stakeholders across the enterprise.
- Administer the SAFR program (support office) to direct and influence enterprise-wide adoption of the SAFR Life Cycle. Provide support to IS practitioners as they manage IS risk management activities, SAFR Program enhancements (i.e., SAFR Improvements) and subsequent execution of results. Serve as focal point for enterprise inherited control management and coordination with FR General Support System.
- Lead the Information Security (IS) Training and Awareness Program -- provide a uniform, current, and quality program to Federal Reserve employees that will encourage responsible behavior, to include new employee, annual Security Matters, SAFR Certification and other security training.
- Direct leadership for the support team that manages the enterprise automation tool (Rsam) and continual development and maintenance of Rsam Automated processes, data storage, and reporting for the Security Assurance for the Federal Reserve (SAFR) Life Cycle.
- Provide security control assessment prioritization and enterprise authorization oversight in collaboration with the NIRT, the designated SCA service provider.
- Benchmark the Federal Reserve IS program, policies, and practices against those of other large institutions and Central Banks, maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established policies, priorities, or investments.