Students! Find the fintech job of your dreams here.

Georgia Fintech Academy
Georgia Fintech Academy

Info Security Analyst, Advanced

Federal Reserve Bank of Atlanta

Federal Reserve Bank of Atlanta

Minneapolis, MN, USA
Posted on Saturday, June 15, 2024


Federal Reserve Bank of MinneapolisThe Federal Reserve Bank of Minneapolis is looking for a dynamic and enthusiastic Information Security Analyst to join our Information Security Governance, Risk & Compliance team.

As an Information Security Analyst, you will provide expertise to business and technology stakeholders in your role supporting cyber risk management activities throughout the Bank. Ideal candidates will have had previous experience with information security control and risk management frameworks such as NIST 800-53 and NIST 800-37. If you are a self-starter with a passion for identifying and assessing risks, and approaching mitigation from a holistic perspective, this position is for you.

This is not a remote position. The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person.

Onsite work is an essential function of this position, and you are expected to be in the office at least one day per week for meetings and team collaboration.


  • Ensure that applicable IT security policies are implemented for assigned information systems and boundaries.

  • Ensure that applicable security risk management activities prescribed by the Bank’s risk management framework (e.g. SAFR Lifecycle) are followed including:

    • Providing guidance and expertise to effectively categorize information and information systems to ensure impact levels for the security objectives of Confidentiality, Integrity, and Availability are aligned appropriately.

    • Supporting development and implementation of System Security Plans (SSPs) including selection of controls and development of related artifacts, control procedures or related specification documents.

    • Performing and/or facilitating assessment activities to validate security controls are implemented correctly, operating as intended, and producing the desired outcomes.

  • Ensure that applicable requirements for Information Security Continuous Monitoring are followed including:

    • Completing annual Security Assessments and Authorizations as well as assessments whenever there are significant changes to the information system.

    • Ensuring sure that an operational continuous monitoring plans are maintained and executed as part of the System Security Plan (SSP).

    • Ensuring the execution of risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.

    • Ensuring that all Risk Acceptances and Plan of Action and Milestones (POA&Ms) are created, reviewed, and reported to key stakeholders such as the System Owner and Authorizing Official (AO).

  • Coordinate with the System Owner to update the SSP, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.

  • Ensure that all security documentation (e.g. System Security Plan, Contingency Plan, Configuration Management Plan, etc.) is properly maintained, approved, updated, and compliant with security program requirements.

  • Support refinement of the Information Security team backlog, as needed, ensuring clear requirements alignment in support the team’s mission or objective.

  • Support project initiatives by gathering, analyzing, and capturing input from customers, partners or stakeholders and synthesizing into clear and actionable requirements (user stories) for prioritization and execution.

  • Collaborate with business and technology teams on projects and key initiatives to ensure that security requirements are communicated and addressed throughout the project life cycle. Provide education to staff on applicable policies, procedures, and standards.

  • Collaborate with junior team members and assist with mentoring on risk assessment processes and documentation.

  • Identify, assess, track and report on IT/Security risks across the enterprise. Track risk decisions and remediation plans. Work closely with Enterprise Risk to communicate risks to both technical and non-technical audiences.

  • Conduct research and analysis on relevant security topics and prepare written or verbal reports or presentations stakeholders and management.


  • Bachelor’s degree in computer science, information systems, computer engineering, cybersecurity, or a related field.

  • A minimum of nine (9) years of broad technical experience within IT or cybersecurity for Information Security Analyst – Advanced OR a minimum of nine (5) years of broad technical experience within IT or cybersecurity for Information Security Analyst – Senior

  • Deep knowledge of NIST Cybersecurity Framework in addition to NIST security control, risk management and risk assessment frameworks and practices (e.g. 800-53, 800-37, 800-30) is preferred.

  • Strong knowledge and experience designing, implementing, supporting, or auditing security controls for operational information systems.

  • Strong knowledge of common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.

  • Strong knowledge and experience working in an Enterprise Agile and DevSecOps environment is preferred.

  • Experience leading or supporting development, documentation and maintenance of security policies, processes or procedures

  • Highly effective written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.

  • Highly effective prioritization capabilities with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.

  • Highly effective organization, time management, and attention to detail

  • Highest commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System.

  • Professional cybersecurity certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.

Additional Information:

Full Salary Range: $106,900 - $133,684 - $160,400 Annual

Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.

Our total rewards program offers benefits that are the best fit for you at every stage of your career:

  • Comprehensive healthcare options (Medical, Dental, and Vision)

  • 401(k) match, and a fully funded pension plan

  • Paid time off and holidays

  • Free public transportation passes

  • Annual educational assistance

  • On-site fitness facility

  • Professional development programs, training, and conferences

  • And more…

The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.

Full Time / Part Time

Full time

Regular / Temporary


Job Exempt (Yes / No)


Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice