Job Details

Senior Information Compliance Specialist - Government (Exempt)

  2026-04-10     TTI of USA     all cities,AK  
Description:

Job Description:
Senior Information Compliance Specialist to join our Information Security Division - Business Information Security Office.

In this role, you'll make an impact in the following ways:

  • Possess deep understanding of the National Institute of Standards and Technology (NIST) Risk Management Framework and supporting legislation such as the Federal Information System Modernization Act of 2014 (FISMA).
  • Develop and maintain comprehensive security documentation required by FISMA, including conducting frequent reviews and updates for continued accuracy.
  • Coordinate control implementation across all FedRAMP High control families.
  • Conduct gap analyses against NIST SP 800-53 controls; drive remediation plans and ensure traceability from control narratives to technical and process evidence.
  • Ensure internal controls related to information risk management are effective and drive the review of continued compliance with NIST requirements.
  • Lead the Authority to Operate (ATO) processes for information systems.
  • Demonstrate a breadth of knowledge of information risk management best practices and a thorough understanding of control and risk management concepts.
  • Perform security control assessments, including establishing metrics and measures to assess security control effectiveness, and provide recommendations for any areas of improvement.
  • Serve as the primary point of contact for all inquiries pertaining to audits, security documentation, and control compliance.
  • Display the ability to collaborate with team members (technical and non-technical) to ensure issues are addressed and relevant technical risk information is collected.
  • Provide briefings on the ATO status, audit findings and remediations, and current control gaps.
  • Contribute to reducing the likelihood of negative reputational and regulatory impact due to non-compliance with the Bank's information risk management policies and standards, including local procedures specific to the assigned business/business partner areas.
  • Identify and assess potential threats and vulnerabilities.
  • Prepare and coordinate the evidence required for audits, including responding to any audit findings.

To be successful in this role, we're seeking the following:
  • Bachelor's degree in information security, computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
  • 8+ years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
  • Experience with federal compliance preferred.
  • Demonstrated experience managing or executing successful ATO processes preferred.
  • Azure-focused security experience (Defender for Cloud, Sentinel, Azure Policy/Blueprints, Key Vault, Private Link, Purview).
  • Demonstrated deep understanding of FedRAMP High and FISMA requirements, and of NIST special publications (800-53, 800-37, 800-171).
  • Experienced with security compliance to IRS 1075 requirements.
  • Excellent decision-making skills, moral/ethical standards, teamwork/collaboration, multitasking, and attention to detail.
  • Exceptional organization and process management skills.
  • Certified Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA) security certification preferred.
  • Strong knowledge of the Risk Management Framework (RMF).
  • Proficiency in M365 applications.

Additional Information:
  • Duration: 12-month contract opportunity
  • Hybrid Work Model: 4 days onsite required weekly in NYC or Washington DC
  • Shift: Monday - Friday, 8AM - 5PM EST
  • Rate Range: $90-95/hr. W2 (based on experience)

