Information Technology (IT) Risk Management, Dir.

Job Description : Background :

The Federal Home Loan Bank of San Francisco ("Bank") is a cooperative, wholesale bank that provides liquidity to its members and helps meet community credit needs through credit products and services to member financial institutions over all phases of the economic cycle. The Bank's members include commercial banks, credit unions, industrial loan companies, savings institutions, insurance companies, and community development financial institutions headquartered in Arizona, California, and Nevada. The Bank is member focused; embraces accountability to meet commitments and uphold our governance, risk and control standards as a government sponsored enterprise; and values differences to foster an inclusive culture.

The role of the Director, IT Risk Management (ITRM) within the Enterprise Risk Management (ERM) is to support the Bank in continuing to mature and execute the Bank's IT Risk Management practices. Our goal is to provide an enterprise-wide risk framework and centralized oversight and governance for IT and Information Security (IS) activities, and to drive greater transparency and inform risk-based decision-making across the Bank. Additionally, the role will be responsible for executing the risk-based IT and IS assessment activities for the in-scope Business Units (BU), processes, and technologies / tools.

Success in this role entails working closely with the Risk, IT, and IS teams to socialize risk concepts and frameworks, and promote the organizations' risk culture. Additionally, this role must have the ability to adapt previous experience and industry leading practices to fit the Bank. The position also partners with functional and operational leadership in the development of risk mitigation plans, consistent with the Bank's ERM framework. The role will be an integral part of a risk management team that encourages creativity, leadership, and influence.

Primary Responsibilities :

Under the direction of the Senior Director, IT and EUC Risk Management, the essential responsibilities for this role will be the following :

• Help mature and execute an IT and IS risk management framework using industry leading practices (e.g., NIST CSF, COBIT, and Cloud Security Alliance) and take into consideration regulatory expectations.
• Review processes and controls against leading practices, industry frameworks, and regulations, identify gaps in design and execution, communicate issues and recommendations, and monitor remediation efforts.
• Drive common Process, Risk, and Control taxonomies for the Bank, including IT and IS, to improve operational efficiency.
• Leverage the Bank's ERM, ORM / ITRM frameworks and partner with IT and IS teams to execute IT and IS risk assessments - including Inherent Risk Assessments (IRA), Operational Risk Assessments (ORA), FedLine Advantage Assessment, AWS assessment, and other in-depth technology and process assessments - identify gaps, document action plans, and perform validation as appropriate.
• Assist in Operational integrated risk assessments by leading the technology aspects of the IRAs and ORAs for the in-scope BUs.
• Partner with the ERM / ORM teams and lead the effort to review and refresh ORM / ITRM Policy and Procedures, at a minimum, on an annual basis.
• Assist ERM leadership to update Risk Appetite Framework annually or as needed. Help define and enhance Key Risk Indicators (KRI) and their tolerances, generate or review metrics and Key Takeaways in the Enterprise Risk Report (ERR).
• Lead the investigation and documentation of IT and IS related Operational Events. Validate remediation actions when completed.
• Prepare and present IT Risk Management updates to Committees as appropriate
• Assist with communication and escalation of significant IT / IS risks and issues to the appropriate management, and monitor corrective actions to address issues, where needed.

In addition, this role may be asked to complete the following tasks :

Critical Competencies :

SALARY RANGE : $175K - $210K

The Federal Home Loan Bank of San Francisco is committed to the principles of equal opportunity in employment (e.g., employees, applicants) and in contracting (e.g., suppliers, vendors) regardless of race, color, religion, sex, national origin, disability status, genetic information, age, sexual orientation, gender identity, status as a parent, or any other characteristic protected by law. We are committed to cultivating a workplace free of unlawful discrimination, harassment, and retaliation, and are dedicated to fostering vibrant communities by serving as a reliable source of liquidity and resources for affordable housing and economic development.

Salary ranges reflect the base salary that the Bank reasonably expects to pay for a given role and is not inclusive of annual incentive award opportunities, retirement benefits or the value of other health and welfare or other ancillary benefits. We consider many factors when determining base salaries such as individual background and experience, the competitive environment, education, particular skill set(s), and industry and institutional knowledge.

The Bank is committed to offering all team members challenging and engaging work with market competitive pay, retirement, and benefit offerings. In support of this commitment, the Bank routinely engages in market competitive benchmarking surveys and analysis to ensure our team members continue to be paid fairly and competitively.