Controls & Compliance Analyst

Company Federal Reserve Bank of Richmond

• Perform day-to-day compliance reviews of operational and security controls

• Develop and update standards, policies, and procedures as well as best practices documentation in line with operational and compliance requirements

• Develop and oversee processes for collection of artifacts and compliance verification.
• Develop and oversee the creation of reporting and dashboards to manage compliance to policies and standards.
• Reviewing documentation for completeness, accuracy, and adherence to control requirements.

• Support development of processes and procedures to manage operational risk and achieve & maintain compliance
• Review and ensure that all cloud environments adhere to compliance requirements. (tagging, onboarding, rehydration, encryption, access levels, password settings, etc.)

• Translate security and technical requirements into business requirements and communicate security and operational risks to different audiences ranging from business leaders to engineers

• Identify risks and provide guidance regarding remediation of gaps

• Respond to client security requests, incidents, and other security related questions

• Oversee processes on development and maintenance of information policies, standards, and procedures to address risk and security compliance requirements

• Work with IT Leadership to support the execution of strategies and objectives in accordance with IT Compliance frameworks, guidelines, and requirements

• Advise and train IT process owners on best practices related to IT General Controls, IT security, remediation of any issues and deficiencies

• Conduct risk assessments of information systems which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems

• Support ongoing internal audit reviews to ensure all required documentation is provided

• Lead the ongoing development, implementation, monitoring, and enforcement of controls to effectively manage risk to the organization.

• Develop training, newsletters and other educational material that is engaging and promotes adoption of security & compliance best practices

• Facilitate small teams of members on remediation activities.

• Perform other related duties as assigned

• Extensive knowledge of general information security best practices and standards such as ISO 27001, COBIT 5, NIST SP 800 series, NIST CSF
• Solid knowledge/experience in Software development life cycle, DevOps, networks, databases, operating systems, application controls and IT operations
• Experience with cloud technologies. AWS or Azure certifications a bonus.
• General understanding of internal audit methodologies and processes
• Work with GRC and Security teams, Internal Audit, external auditors, IT management and staff to identify feasible implementation of controls and resolutions to manage weaknesses and create opportunities for improvement
• Ability to create and maintain IT policies & procedures, management, and executive level reports on effectiveness of IT governance controls and exceptions
• Ability to perform assigned tasks and responsibilities with minimal supervision, which includes planning, executing, and reporting on required compliance tasks within assigned timelines
• 5+ years of IT experience covering Internal or External IT audit, risk management, vulnerability management, data security, regulatory compliance, vendor management, incident response
• Bachelor's Degree in Information Systems, Risk Management, Business Administration, or a related field
• At least one of the following certifications: CGEIT, CISA, CISM, CISSP, CRISC, GCCC, CCSP or CAP.
• Excellent interpersonal and presentation skills
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
• Understand and apply risk management techniques in decision making.
• Ability to work under the direction and guidance in planning details of procedures and methods to attain definite objectives.
• Excellent interpersonal, negotiation, creativity, attention to detail, and oral and written communications skills.

• Working knowledge of architecture and design of solutions using cloud-based technologies
• Experience with basic reporting and analytic tools (excel, tableau, quicksight)
• Basic content development / management experience
• Knowledge of Agile frameworks & methodology

• Bachelor's Degree or equivalent experience with 6 to 9+ years of relevant work experience.

• A requirement of this position is that the employee must be fully vaccinated against COVID-19; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.

• Candidates should review the Bank's Employee Code of Conduct to ensure compliance with conflict of interest rules and personal investment restrictions.
• If you need assistance or an accommodation due to a disability, please notify rich.recruitment@rich.frb.org .
• Sponsorship is not available for this role. The selected candidate will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Eligibility for this specific position requires U.S. Citizenship or three or more years of Permanent Resident (Green Card) status.

• Salary offered will be based on the job responsibilities and the individual's knowledge, skills, and experience as defined in the job qualifications.