Sr. IT Risk Specialist
Federal Reserve Bank
- San Francisco, CA
- Permanent
- Full-time
- Partner with S+C colleagues to develop institution-specific risk assessments and supervisory strategies, including involvement in scoping and vetting processes, by providing subject matter expertise to influence and guide supervisory decision making.
- Lead efforts to identify and monitor emerging risks, issues, trends and developments, and to assess their impact on the banking industry and the SF Fed’s supervisory program.
- Lead and participate in IT examinations of institutions with elevated IT/cybersecurity risk exposure.
- Collaborate on and lead cross-portfolio assessments of IT risk.
- Maintain a high level of subject matter expertise in cybersecurity/information security, cloud computing, IT operations, IT risk management, and IT internal audit, as well as supervisory expectations, industry practices, and emerging trends in those areas.
- Exhibit the expertise to assess business resiliency and third-party (vendor) risk management from a cybersecurity perspective.
- Actively engage within District and System working groups to influence the development of IT-focused supervision practices and programs. Liaise with Board of Governors and System risk experts regularly on emerging risks, risk management practices and changes in supervision policies, procedures, tools or guidance.
- Understand and communicate risk management expectations for IT infrastructures. Evaluate, interpret, and communicate governmental, industry, and other macro developments associated with IT and cybersecurity risk exposures.
- Prepare and deliver written analyses and presentations on firm-specific as well as broader industry trends or emerging risks. Provide briefings to senior District and System staff and others in the supervisory community.
- Prepare informative, well-supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings, including required actions, to banks’ senior management and boards of directors.
- Provide coaching, training, and mentoring to colleagues.
- Present to industry groups as part of outreach efforts.
- Consistently demonstrate the following critical behavioral competencies: collaboration, critical thinking, influence, and leadership.
- Bachelor’s degree in business, economics, technology, or related fields of study (or equivalent work experience).
- Typically requires eight or more years of direct or comparable banking, financial industry or banking supervision experience with bank examinations, internal audit, or in conducting control assessments at a banking organization or consulting firm.
- Knowledge of and experience evaluating cybersecurity, information security and technology risks facing complex financial institutions and prudent practices for managing those risks, using common frameworks, such as FFIEC, NIST, and ISO.
- Strong analytical and critical thinking skills demonstrated by the ability to assimilate new information, understand complex topics, and produce sound analysis.
- Excellent written and verbal communication skills and the ability to synthesize complex ideas and explain them clearly.
- Ability to think strategically, bringing a broad perspective on how to translate ideas into executable actions.
- Ability to thrive as a member of a team and to build collaborative working relationships with colleagues across teams and at different levels.
- Strong organizational skills, project management skills and attention to detail.
- Ability to travel up to 25 percent.
- This position requires access to confidential supervisory information, which is limited to “Protected Individuals.” Protected Individuals include, but are not limited to, U.S. citizens and U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so or who will sign a declaration of intent to apply for naturalization before they begin employment.
- An active commission from a bank regulatory agency (e.g., Federal Reserve, FDIC, OCC).
- Professional designations, such as the CRISC, CISM, CISA, CISSP, and the CIA certifications.
- Experience performing IT examination work at community, regional, and/or large banking organizations.