Sr. It Risk Specialist

CompanyFederal Reserve Bank of San Francisco

We are the San Francisco Fed, public servants with a congressionally mandated mission to advance the nation’s monetary, financial, and payment systems to build a stronger economy for all Americans. We are a community-engaged bank, and we are committed to understanding and serving the vibrant, diverse people of the Twelfth District. That means we seek and appreciate new perspectives. We respect people for what they do and for who they are. We build opportunities to learn and grow. When you join the SF Fed, you become part of a team united in its purpose to promote an economy that works for everyone. We empower our people to balance their life and work responsibilities. That’s why we offer a flexible hybrid work model that allows you to collaborate with office colleagues on some days, and work from home on others.

Are you passionate about protecting the U.S. financial system from the threat of malicious cyber attackers? Do you have a strong understanding of information technology and cybersecurity risk management principles? Would you like to join leaders with vision in influencing and implementing the future of bank supervision? If so, then this opportunity is for you.

We need you, an experienced Senior IT Risk Specialist to join the Portfolio Risk Management – Non-Financial Risk (PRM-NFR) Team within the Risk, Policy, and Analysis Group of the SF Fed’s Supervision and Credit (S+C) Department. In this role, you will lead ongoing monitoring of IT risk across the regional and community banking portfolios within our District through risk management assessments and examinations.

You will serve as a subject matter expert and be responsible for assessing financial institutions’ IT risk management programs to ensure they are operating in a safe and sound manner and complying with applicable laws, regulations, and policy statements. You will have superb communication skills with the ability to explain complex IT and cybersecurity issues and concepts to diverse audiences. Your collaboration skills and ability to develop strong relationships with senior management, Federal Reserve System (System) staff and other regulators and partners will be a critical part of this role.

Essential Responsibilities:

• Partner with S+C colleagues to develop institution-specific risk assessments and supervisory strategies, including involvement in scoping and vetting processes, by providing subject matter expertise to influence and guide supervisory decision making.
• Lead efforts to identify and monitor emerging risks, issues, trends and developments, and to assess their impact on the banking industry and the SF Fed’s supervisory program.
• Lead and participate in IT examinations of institutions with elevated IT/cybersecurity risk exposure.
• Collaborate on and lead cross-portfolio assessments of IT risk.
• Maintain a high level of subject matter expertise in cybersecurity/information security, cloud computing, IT operations, IT risk management, and IT internal audit, as well as supervisory expectations, industry practices, and emerging trends in those areas.
• Exhibit the expertise to assess business resiliency and third party (vendor) risk management from a cybersecurity perspective.
• Actively engage within District and System working groups to influence the development of IT focused supervision practices and programs. Liaise with Board of Governors and System risk experts regularly on emerging risks, risk management practices and changes in supervision policies, procedures, tools or guidance.
• Understand and communicate risk management expectations for IT infrastructures. Evaluate, interpret, and communicate governmental, industry, and other macro developments associated with IT and cybersecurity risk exposures.
• Prepare and deliver written analyses and presentations on firm specific as well as broader industry trends or emerging risks. Provide briefings to senior District and System staff and others in the supervisory community.
• Prepare informative, well-supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings, including required actions to banks’ senior management and boards of directors.
• Provide coaching, training, and mentoring to colleagues.
• Present to industry groups as part of outreach efforts.
• Consistently demonstrate the following critical behavioral competencies: collaboration, critical thinking, influence, and leadership.

Requirements:

• Bachelor’s degree in business, economics, technology, or related fields of study (or equivalent work experience).
• Typically requires eight or more years of direct or comparable banking, financial industry or banking supervision experience with bank examinations, internal audit, or in conducting control assessments at a banking organization or consulting firm.
• Knowledge of and experience evaluating cybersecurity, information security and technology risks facing complex financial institutions and prudent practices for managing those risks, using common frameworks, such as FFIEC, NIST, and ISO.
• Strong analytical and critical thinking skills demonstrated by the ability to assimilate new information, understand complex topics, and produce sound analysis.
• Excellent written and verbal communication skills and the ability to synthesize complex ideas and explain them clearly.
• Ability to think strategically, bringing a broad perspective on how to translate ideas into executable actions.
• Ability to thrive as a member of a team and to build collaborative working relationships with colleagues across teams and at different levels.
• Strong organizational skills, project management skills and attention to detail.
• Ability to travel up to 25 percent.
• This position requires access to confidential supervisory information, which is limited to “Protected Individuals.”  Protected Individuals include, but are not limited to, U.S. citizens and U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so or who will sign a declaration of intent to apply for naturalization before they begin employment.

Preferred:

• An active commission from a bank regulatory agency (e.g., Federal Reserve, FDIC, OCC).
• Professional designations, such as the CRISC, CISM, CISA, CISSP, and the CIA certifications.
• Experience performing IT examination work at community, regional, and/or large banking organizations.

#LI-Hybrid

Base Salary Range: Min: $151,500  Mid: $196,700  Max: $241,900 (Location: San Francisco)

Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with geographic and other market data.

At the Federal Reserve Bank of San Francisco, we offer a wonderful benefits package including Medical, Dental, Vision, Pretax Flexible Spending Account, Paid Family Leave Care, Backup Child Care Program, Pretax Day Care Flexible Spending Account, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and an unheard-of Retirement / Pension.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

At the SF Fed, we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. The SF Fed is an Equal Opportunity Employer.

The Bank's ethics rules generally prohibit employees, their spouses/domestic partners, and minor children from owning securities, such as stock, of banks or savings associations or their affiliates, such as bank holding companies and savings and loan holding companies.  Employees in the S+C group also must ensure there are no conflicts of interest related to their previous employment and current financial interests.  S+C employees may be subject to borrowing and deposit restrictions and may need to recuse themselves from certain supervisory work.  Please review Section 5.3 and Appendix B of the Bank’s Code of Conduct to ensure compliance with the Code of Conduct conflict of interest rules and personal investment restrictions.

Full Time / Part TimeFull timeRegular / TemporaryRegularJob Exempt (Yes / No)YesJob CategoryBank ExaminationWork ShiftFirst (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice