Senior IT Risk Specialist

Company Federal Reserve Bank of San Francisco At the Federal Reserve Bank of San Francisco, we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. Are you passionate about protecting the U.S. financial system from the threat of malicious cyber attackers? Do you have a strong understanding of information technology and cybersecurity risk management principles? Would you like to join thought leaders in influencing and implementing the future of bank supervision? If so, then this opportunity is for you! We need you, an experienced Senior IT Risk Specialist to join the Portfolio Risk Management – Non–Financial Risk Team within the Risk, Policy, and Analysis Group of the SF Fed's Supervision and Credit (S+C) Department. You will lead ongoing monitoring of IT risk across the regional and community banking portfolios within our District through risk management assessments and examinations. You will serve as a subject matter expert and be responsible for assessing financial institutions' IT risk management programs to ensure they are operating in a safe and sound manner and complying with applicable laws, regulations, and policy statements. You will have superb communication skills with the ability to explain complex IT and cybersecurity issues and concepts to diverse audiences. Your collaboration skills and ability to develop strong relationships with senior management, Federal Reserve System (System) staff and other regulators and partners will be a critical part of this role. Highlights of Responsibilities: Partner with S+C colleagues to develop institution–specific risk assessments and supervisory strategies, including involvement in scoping and vetting processes, by providing subject matter expertise to influence and guide supervisory decision making. Lead efforts to identify and monitor emerging risks, issues, trends and developments, and to assess their impact on the banking industry and the SF Fed's supervisory program. Lead and participate in IT examinations of institutions with elevated IT/cybersecurity risk exposure. Collaborate on and lead cross–portfolio assessments of IT risk. Maintain a high level of subject matter expertise in cybersecurity/information security, cloud computing, IT operations, IT risk management, and IT internal audit, as well as supervisory expectations, industry practices, and emerging trends in those areas. Exhibit the expertise to assess business resiliency and third party (vendor) risk management from a cybersecurity perspective. Actively engage within District and System working groups to influence the development of IT focused supervision practices and programs. Liaise with Board of Governors and System risk experts regularly on emerging risks, risk management practices and changes in supervision policies, procedures, tools or guidance. Evaluate, interpret, and communicate governmental, industry, and other macro developments associated with IT and cybersecurity risk exposures. Prepare and deliver written analyses and presentations on firm specific as well as broader industry trends or emerging risks. Provide briefings to senior District and System staff and others in the supervisory community. Prepare informative, well–supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings, including required actions to banks' senior management and boards of directors. Provide coaching, training, and mentoring to colleagues. Present to industry groups as part of outreach efforts. Consistently demonstrate the following critical behavioral competencies: collaboration, critical thinking, influence, and leadership. Qualifications: Bachelor's degree in business, economics, technology, or related fields of study (or equivalent work experience). Typically eight or more years of direct or comparable banking, financial industry or banking supervision experience with bank examinations, internal audit, or in conducting control assessments at a banking organization or consulting firm. Knowledge of and experience evaluating cybersecurity, information security and technology risks facing complex financial institutions and prudent practices for managing those risks, leveraging common frameworks, such as FFIEC, NIST, and ISO. Strong analytical and critical thinking skills demonstrated by the ability to assimilate new information, understand complex topics, and produce sound analysis. Excellent written and verbal communication skills and the ability to synthesize complex ideas and explain them clearly. Ability to think strategically, bringing a broad perspective on how to translate ideas into executable actions. Ability to thrive as a member of a team and to build collaborative working relationships with colleagues across teams and at different levels. Strong organizational skills, project management skills and attention to detail. This position requires access to confidential supervisory information, which is limited to "Protected Individuals." Protected Individuals include, but are not limited to, U.S. citizens and U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so or who will sign a declaration of intent to apply for naturalization before they begin employment. Ability to travel up to 25 percent; however, the System will be conducting all supervisory activities offsite until personal safety due to COVID–19 is reasonably assured, and we are anticipating lower overall travel for supervisory activities following the pandemic. All employees must be fully vaccinated against COVID–19 or qualify for an accommodation from the Bank's vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief. Preferred: An active commission from a bank regulatory agency (e.g., Federal Reserve, FDIC, OCC). Professional designations, such as the CRISC, CISM, CISA, CISSP, and the CIA certifications. Experience performing IT examination work at community, regional, and/or large banking organizations. Benefits: We offer a wonderful benefits package including: Medical, Dental, Vision, Pre–tax Flexible Spending Account, Backup Child Care Program, Pre–Tax Day Care Flexible Spending Account, Paid Family Care Leave, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and a Retirement / Pension. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Full Time / Part Time Full time Regular / Temporary Regular Job Exempt (Yes / No) Yes Job Category Bank Examination Work Shift First (United States of America) The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences. Privacy Notice