Information Technology/Operational Risk Specialist

Federal Reserve Bank San Francisco , CA 94118

Posted 2 months ago

The Federal Reserve Bank of San Francisco believes in the diversity of our people, ideas, and experiences and we are committed to building an inclusive culture that is representative of the communities we serve.

Job Summary:

The Financial Institution Supervision and Credit (FISC) Division is responsible for the supervision and regulation of state member banks, bank holding companies, savings and loan holding companies, financial holding companies, data service providers, trust companies, and foreign banking organizations that operate in the 12th District. Supervised institutions are located in all states of the District and range in size and complexity from small community organizations to some of the largest banking organizations in the country.

An excellent opportunity exists in the Regional Institution Group (RIG) for an individual with a strong background in Information Technology (IT) and related areas of Operational (Ops) Risk within financial services companies and banking organizations. The position emphasizes monitoring and assessment of IT and Op Risk including: information systems, cybersecurity and data management, and other risk relating to services, such as payments systems, third party vendor management, regulatory reporting, and brokerage/treasury operations. The IT/OR Specialist will report to the Central Point of Contact (CPC) for SVB Financial Group - a multi-state, multinational regional banking organization (RBO) with $60 billion in total on balance sheet assets as of March 31, 2019; however, will be a key member of FISC's RBO supervision program, with accountability for assessing and tailoring IT and Ops risk supervision (i.e., portfolio risk-tiering and leading/participating in supervisory events) activities across the System's largest district RBO portfolio.

A qualified candidate will possess expertise in assessing or managing technology, information security, data and data governance, and cybersecurity risks. Additionally, a strong working background in assessing or managing enterprise risk management, corporate governance, and project management in a regional or large bank environment is an essential complement to providing a robust supervisory assessment. Finally, the ability to collaborate with other risk specialists covering credit, market, liquidity, legal and compliance risks, as part of the RIG portfolio's consolidated supervisory plan, is essential.

Job Duties:

The IT/Ops Risk Specialist owns the IT/Ops risk assessment and monitoring responsibilities across RIG's portfolio. Specific duties of the IT/Ops Risk Specialist include:

  • Leading the cross-portfolio risk assessment process for IT/Ops risk, and making risk-tailored recommendations for continuous monitoring, supervisory events and event staffing.

  • Performing routine continuous monitoring of portfolio RBOs, on a risk-assessed basis, including monitoring trends and developments through the review of internal risk management reports, regulatory surveillance reports, regulatory filings, and regular interaction with senior company officials, other regulators, and internal auditors.

  • Developing supervisory documents such as continuous monitoring reports, MIS and metrics, and issues tracking.

  • Leading the planning, execution, and report writing for targeted IT/Ops examinations as the examiner-in-charge, as well as participating on full-scope examinations as a contributing member.

  • Evaluating governing oversight, including policies, procedures, and controls used by RBOs to ensure compliance with national and international requirements, such as Gramm-Leach-Bliley Act 501(b) and General Data Protection Regulation.

  • Performing transaction testing to evaluate the prudence of strategic planning, the effectiveness of risk management processes, and the quality of management information reporting practices.

  • Assessing the technical expertise of IT/Ops staff and management, as well as the independence and effectiveness of the audit function.

  • Conducting monitoring of institutional efforts to achieve compliance with applicable enforcement actions.

  • Maintaining a high level of subject matter expertise and keeping abreast of emerging issues of particular relevance to the District, including foreign exchange and nontraditional payment systems and FinTech developments impacting the delivery of financial services.

  • Providing mentoring and on-the-job training to examiners during examination assignments and in other forums as needed.

  • Participating actively in unit and System groups and discussions by sharing experiences and perspectives.

Job Requirements:

  • Be a U.S. Citizen, U.S. National, or hold a permanent resident/green card with intent to become a U.S. Citizen.

  • Bachelor's degree required.

  • Minimum of four or more years of direct or comparable banking, financial industry, or banking supervision experience, with a focus in IT/Ops.

  • Ability to travel 40 to 60 percent.

  • An understanding of business risks, risk management, and banking principles.

  • Strong verbal and written communication skills.

  • Intermediate to advanced familiarity with the Microsoft Office suite, including Microsoft Word, Excel and Power Point.

  • Ability to engage in difficult discussions with internal and bank staff.

  • Ability to work independently and as part of a team, as well as to serve as the Examiner-in-Charge of target IT/Ops risk reviews.

  • You should demonstrate the following critical behavioral competencies: influence, critical thinking, collaboration, and leadership.


  • An active commission from a bank regulatory agency (Federal Reserve, FDIC, OCC).

  • Professional certifications, such as the Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Security Professional (CISSP).

  • Experience performing IT/Ops and risk management examination work at regional and/or large banking organizations, as well as institutions with foreign operations.

Why us? We value excellence, integrity, collaboration, diversity, and work/life balance. We offer an excellent benefits package, an alternate work schedule, tuition reimbursement and an opportunity to work on a great team.

The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Our people proudly reflect the diversity and the ideas of the community we serve.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Technology Risk Specialist

Federal Reserve Bank

Posted 2 weeks ago

VIEW JOBS 5/21/2020 12:00:00 AM 2020-08-19T00:00 The Federal Reserve Bank of San Francisco believes in the diversity of our people, ideas, and experiences and is committed to building an inclusive culture that is representative of the communities we serve. Overview The Federal Reserve Bank of San Francisco's (FRBSF) Department of Financial Institution Supervision and Credit (FISC) is seeking a highly motivated individual to join its Risk Specialist Team (RST) within the Risk, Policy and Analysis Group to serve as a member of its Information Technology (IT) Team. FISC supervises financial institutions in the 12th District. Our mission is to ensure a safe, sound, and accessible financial system. In this role, you will provide subject matter expertise in IT-related areas to FISC's Large Institution Supervision Group (LISG), which is responsible for monitoring and assessing the safety and soundness of large domestic banking institutions, U.S. operations of foreign banking organizations, and significant bank service providers in the District. These 12th District firms include Charles Schwab Corporation, Mitsubishi UFJ Financial Group, and Visa. You will also participate in supervisory activities in other Districts across the Federal Reserve System (System), including a wide range of horizontal (cross-firm) reviews. In addition, you may conduct outreach activities and provide training within the supervisory community and to industry groups, as well as contribute to various System risk affinity, monitoring, and coordination groups, and the development of related supervisory strategies and examination procedures. As such, you will closely interact with numerous individuals throughout the supervisory community and executive management of supervised firms. Position Summary In this role, you will lead assessments and examinations over a spectrum of cybersecurity/IT-related topics (e.g., business resiliency, vendor risk management) to determine the effectiveness of a firm's IT risk management program and associated management information systems, and validate remediation efforts of identified issues. Also, you will participate in horizontal reviews in operational resiliency and technologies and risks (e.g., cybersecurity, cloud computing, data governance and artificial intelligence technologies). You will have superb communication skills with the ability to explain complex IT/cybersecurity issues and concepts to diverse audiences. Your collaboration skills and ability to develop strong relationships with senior management, System staff and other regulators and partners is a critical part of this role. Responsibilities * Lead or participate in risk-focused examinations at District's firms, providing written conclusions and findings for inclusion in supervisory reports. * Lead or participate in horizontal and out-of-District examinations in area of expertise to develop peer perspective. * Lead or participate in Federal Reserve System and local IT initiatives related to training, committees and contribute to the development of policies to enhance the supervision of financial firms. * Develop and maintain expertise in cyber security/information security, cloud computing, IT operations, IT risk management, and IT internal audit, as well as supervisory expectations and industry practices in those areas. * Synthesize information from multiple sources to identify industry trends and emerging issues. Identify the implications of these trends, both at the micro and systemic levels and propose approaches to identified issues. * Develop an understanding of supervisory rating systems applied to large banks (LFI ratings) and service providers (URSIT ratings). Understand the FFIEC framework for supervising service providers and related supervisory expectations contained in the FFIEC IT handbook. * Assist in the development of firm risk assessments and supervisory strategies, and the vetting of exam scopes and findings. Provide briefings to senior FRS staff and others in the supervisory community. * Develop comprehensive, creative and agile approaches to evaluating risks and operational resiliency. Devise methods to more efficiently incorporate FRS data, market-based surveillance products, and technology into the ongoing supervisory process. * Prepare informative, well-supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings, including required actions to senior management and boards of directors. * Prepare and deliver written analyses and presentations on firm specific as well as broader industry trends or emerging risks. * Evaluate developments impacting firms' risk profile through analysis of internal risk management reports and interactions with institution management. Support an overall assessment of a firm's level of operational risk and risk management practices across the firm's enterprise IT environment. * Analyze information security and risk management programs to determine an estimated risk and potential impact to the financial institutions and financial services industry. * Identify emerging institutional, regional, economic, and industry issues and their potential impact. Maintain an awareness of potential changes to key rules, laws and regulations, and supervisory policies. * Maintain strong relationships and liaisons with FRS colleagues, institution management, and other regulatory agencies. * Contributing to System efforts to develop effective IT supervisory policy and guidance, supervisory activities, and IT analysis and thought leadership. * Provide coaching, training, and mentoring of less experienced colleagues. Development Opportunities * Develop and maintain a sound understanding of industry trends, emerging issues and technologies, and peer risk management practices through attending formal training classes and relevant industry conferences, participating in a variety of assignments at diverse institutions, and participating in information sharing opportunities within the supervisory community. * Lead or participate in FRS-wide projects, workshops, and strategic initiatives. * As needed, provide expert commentary on proposed revisions to policy and procedures. * Pursue relevant professional certifications, as needed. Position Requirements * Must be a U.S. Citizen, U.S. National, or hold a permanent resident/green card with intent to become a U.S. Citizen * Bachelor's degree in business, technology, or related fields of study (or equivalent work experience). * Advanced degrees or professional certifications with an emphasis on internal audit or information security (e.g., CRISC, CISM, CISA, CISSP, CIA) or examiner commission are desired. * 7 years of direct or comparable banking, financial industry or experience in bank examinations at a regulatory agency, internal audit, or in conducting control assessments at a banking organization or consulting firm is desired. 10 years' experience required if hired into higher level role. * Advanced knowledge of common frameworks such as FFIEC, NIST, and ISO desired. * Knowledge of, ability to evaluate, and/or willingness to learn, cybersecurity/information security and technology risks facing complex financial institutions and prudent practices for managing those risks. * Strong analytical, problem solving, and project management skills, as well as strong learning agility and the ability to work on a variety of assignments independently with minimal supervision. * Domestic travel and overnight stays is required at approximately 30%, but could be more or less at any given time depending on one's assignment. * We are looking for a candidate who exhibits the following critical behavioral competencies: Leadership, Critical Thinking, Collaboration, Influence, Achievement and Innovation The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Federal Reserve Bank San Francisco CA

Information Technology/Operational Risk Specialist

Federal Reserve Bank