Sr. IT Risk Specialist
Company
Federal Reserve Bank of San FranciscoWe are the San Francisco Fed, public servants with a congressionally mandated mission to advance the nation’s monetary, financial, and payment systems to build a stronger economy for all Americans.
We are a community-engaged bank, and we are committed to understanding and serving the vibrant, diverse people of the Twelfth District.
That means we seek and appreciate new perspectives. We respect people for what they do and for who they are. We build opportunities to learn and grow.
When you join the SF Fed, you become part of a team united in its purpose to promote an economy that works for everyone.
We empower our people to balance their life and work responsibilities. That’s why we offer a flexible hybrid work model that allows you to collaborate with office colleagues on some days, and work from home on others.
Are you passionate about protecting the U.S. financial system from the threat of malicious cyber attackers? Do you have a strong understanding of information technology and cybersecurity risk management principles?
Would you like to join leaders with vision in influencing and implementing the future of bank supervision? If so, then this opportunity is for you.
We need you, an experienced Senior IT Risk Specialist to join the Portfolio Risk Management Non-Financial Risk (PRM-NFR) Team within the Risk, Policy, and Analysis Group of the SF Fed’s Supervision and Credit (S+C) Department.
In this role, you will lead ongoing monitoring of IT risk across the regional and community banking portfolios within our District through risk management assessments and examinations.
You will serve as a subject matter expert and be responsible for assessing financial institutions’ IT risk management programs to ensure they are operating in a safe and sound manner and complying with applicable laws, regulations, and policy statements.
You will have superb communication skills with the ability to explain complex IT and cybersecurity issues and concepts to diverse audiences.
Your collaboration skills and ability to develop strong relationships with senior management, Federal Reserve System (System) staff and other regulators and partners will be a critical part of this role.
Essential Responsibilities :
- Partner with S+C colleagues to develop institution-specific risk assessments and supervisory strategies, including involvement in scoping and vetting processes, by providing subject matter expertise to influence and guide supervisory decision making.
- Lead efforts to identify and monitor emerging risks, issues, trends and developments, and to assess their impact on the banking industry and the SF Fed’s supervisory program.
- Lead and participate in IT examinations of institutions with elevated IT / cybersecurity risk exposure.
- Collaborate on and lead cross-portfolio assessments of IT risk.
- Maintain a high level of subject matter expertise in cybersecurity / information security, cloud computing, IT operations, IT risk management, and IT internal audit, as well as supervisory expectations, industry practices, and emerging trends in those areas.
- Exhibit the expertise to assess business resiliency and third party (vendor) risk management from a cybersecurity perspective.
- Actively engage within District and System working groups to influence the development of IT focused supervision practices and programs.
Liaise with Board of Governors and System risk experts regularly on emerging risks, risk management practices and changes in supervision policies, procedures, tools or guidance.
- Understand and communicate risk management expectations for IT infrastructures. Evaluate, interpret, and communicate governmental, industry, and other macro developments associated with IT and cybersecurity risk exposures.
- Prepare and deliver written analyses and presentations on firm specific as well as broader industry trends or emerging risks.
Provide briefings to senior District and System staff and others in the supervisory community.
- Prepare informative, well-supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings, including required actions to banks’ senior management and boards of directors.
- Provide coaching, training, and mentoring to colleagues.
- Present to industry groups as part of outreach efforts.
- Consistently demonstrate the following critical behavioral competencies : collaboration, critical thinking, influence, and leadership.
Requirements :
- Bachelor’s degree in business, economics, technology, or related fields of study (or equivalent work experience).
- Typically requires eight or more years of direct or comparable banking, financial industry or banking supervision experience with bank examinations, internal audit, or in conducting control assessments at a banking organization or consulting firm.
- Knowledge of and experience evaluating cybersecurity, information security and technology risks facing complex financial institutions and prudent practices for managing those risks, using common frameworks, such as FFIEC, NIST, and ISO.
- Strong analytical and critical thinking skills demonstrated by the ability to assimilate new information, understand complex topics, and produce sound analysis.
- Excellent written and verbal communication skills and the ability to synthesize complex ideas and explain them clearly.
- Ability to think strategically, bringing a broad perspective on how to translate ideas into executable actions.
- Ability to thrive as a member of a team and to build collaborative working relationships with colleagues across teams and at different levels.
- Strong organizational skills, project management skills and attention to detail.
- Ability to travel up to 25 percent.
- This position requires access to confidential supervisory information, which is limited to Protected Individuals. Protected Individuals include, but are not limited to, U.
S. citizens and U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so or who will sign a declaration of intent to apply for naturalization before they begin employment.
Preferred :
- An active commission from a bank regulatory agency (e.g., Federal Reserve, FDIC, OCC).
- Professional designations, such as the CRISC, CISM, CISA, CISSP, and the CIA certifications.
- Experience performing IT examination work at community, regional, and / or large banking organizations.
LI-Hybrid
Base Salary Range : Min : $151,500 Mid : $196,700 Max : $241,900 (Location : San Francisco)
Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with geographic and other market data.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Job Category
Bank Examination
Work Shift
First (United States of America)