Responsible for management and execution of the Bank's information security systems and controls. This role will contribute to maintaining an information security program that supports comprehensive monitoring and compliance verification. This role reports directly to the Managing Director, Information Security Operations & Awareness. The Associate Director will play a primary support role in event triage and incident response by monitoring the SIEM (and other) alerts generated by security tools.The Associate Director will use their experience and knowledge to ensure the Bank is secure through the implementation of best practices, risk-based security methods, user awareness programs, and other technology and security controls. The Associate Director may also lead select Security Operations functions and is expected to maintain and operate a broad spectrum of technologies, including security software running on Windows and Linux systems, firewalls, and other common detective and preventative security controls, products and services.

Major Accountabilities:

• Analyze and report on the performance of security controls associated with the Bank's Security Program.
• Support the Security Operations team leaders in audits and conduct internal assessments on applicable systems, and provide requested evidence of security control operations.
• Participate in, or lead Security Operations activities such as monitoring and triage of security events, analysis of anomalies, threat hunting, security operation monitoring, and tuning of security systems and tools.
• Implement Security Operations policies, procedures, systems, and processes used by the Bank.
• Review and recommend enhancements for current Securty Operations processes and technology.
• Lead preparation of documentation related to security issues and cyber incidents.
• Promote security awareness through management of newsletter communications, classroom training, and facilitating computer-based training exercises
• Coordindate with Security Engineers and Architects in deploying and maintaining security infrastructure solutions.
• Participate in security vulnerability assessments and penetration tests on Bank systems and applications.
• Participate in periodic policy compliance reviews, risk assessments, and control testing.
• Participate in on-call support for security alerts including, but not limited to, weekends, holidays and after-business hours as required to maintain the strong information security posture of the business.

Skills/Knowledge:

• Required Skills:
  • Familiarity with Windows/Linux /networking security, vulnerability management, cloud security, Identity and Access Management.
  • Understanding of security concepts and hands-on experience with tools such as firewalls, IDS/IPS, SIEM, antivirus/anti-malware, patch management, NAC, DLP, PAM, and vulnerability scanners.
  • Excellent written and verbal communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
  • Minimum of three years of hands-on experience in an equivalent Information Security role. Banking and/or financial services industry experience, a plus.
  • Self-motivated, organized, and able to multi-task and prioritize work
  • Able to acquire proficiency and operate independently within 3 to 4 months

• Additional Desired Skills:
  • Bachelor's or Associate degree in Computer Science, Information Systems or a related field,
  • Industry certification such as: GSEC, CEH, GCIH, and/or CISSP.
  • Previous systems and/or network administration experience
  • Scripting knowledge such as Perl, Python, and/or PowerShell
  • Knowledge of compliance and regulatory program requirements such as ISO 27000, NIST, FISMA, and SOC standards.

SALARY RANGE: $150K - $165K

The Federal Home Loan Bank of San Francisco is an Equal Employment Opportunity employer and is committed to a diverse workforce. We value and actively seek to recruit, develop, and retain individuals with varied backgrounds and experiences reflecting the full diversity of the communities that we serve. It is the policy of the Bank to comply with all applicable laws concerning the employment of persons with disabilities.

Salary ranges reflect the base salary that the Bank reasonably expects to pay for a given role and is not inclusive of annual incentive award opportunities, retirement benefits or the value of other health and welfare or other ancillary benefits. We consider many factors when determining base salaries such as individual background and experience, the competitive environment, education, particular skill set(s), and industry and institutional knowledge.

The Bank is committed to offering all team members challenging and engaging work with market competitive pay, retirement, and benefit offerings. In support of this commitment, the Bank routinely engages in market competitive benchmarking surveys and analysis to ensure our team members continue to be paid fairly and competitively.