Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.
Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.
Under the integrated technology function within Risk Management, the Principal, Cybersecurity Risk Oversight will drive governance, risk management activities, and project management across Fannie Mae’s second-line of defense for Enterprise Data Management as part of the DTCR (Data, Technology, Cybersecurity, and Resiliency) Risk Management Office. The incumbent will provide effective oversight and challenge of risk management activities. This position is responsible for cross-functional technology-related initiatives for risk oversight, identification, assessment, and monitoring.
KEY JOB FUNCTIONS
- Develop and oversee implementation of an effective Data Management risk management framework.
- Leverage knowledge of the mortgage industry, mortgage product types and mortgage securitization to ensure effective management of risk associated with Data Management.
- Actively identify, assess, respond to risks associated with Data Management as appropriate.
- Identify gaps and inform solutions identified resulting from inadequate internal processes, systems or human errors associated with Data Management.
- Understand, adhere to and bolster Data Management risk governance across the Data Ecosystem including the implementation of the three lines of defense model.
- Inform policies, standards and procedures for Data Management across the Data Ecosystem to maximize efficiency and minimize risk exposure.
- Regarding Data Oversight across the Data Ecosystem, directly confer with business unit management and staff by scoping business problems, analyzing processes, risk exposure and sharing lessons learned. Identify problem drivers and reinforce operational procedures with appropriate internal controls.
- Lead and manage project and risk management-related activities that provide horizontal support across the Data, Technology, Cyber, and Resiliency (DTCR) risk domains.
- Partner with risk partners and other second-line enterprise risk management functions to drive meaningful Data Management risk reductions and escalation of risks, as needed.
- Provide consultation to second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).
- Comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment.
- Design, influence, and oversee implementation of internal governance processes (includes reporting, issue management, policy/standard review, risk identification, risk assessments, and risk monitoring).
- Manages use of tools by which Data Management risk owners identify new, top, emerging, or changing risks stemming from business activities or external events. Tools include Risk and Control Self-Assessments (RCSA), risk opinions for Key Business Decisions (KBD), and Top Risk Identification in accordance with policies and standards.
- Confer with first-line management and risk partners to assess technology capabilities, analyzing processes, and risk exposure to drive the implementation of appropriate risk management controls across the Data Ecosystem.
- Review technology and risk management processes; examine documentation and flow to identify ways to improve and streamline risk mitigation processes.
- Leads presentations and workshop sessions on Data Management risk management activities, process analysis, risk identification, assessment, control, and mitigation.
- Bachelor degree or equivalent experience
- Master's degree in IT/IS/Computer Science preferred
- 10+ years of related Data and Risk experience; 15+ preferred
- Relevant work within a Chief Data Officer team in a financial services, capital markets, insurance organization or in a data focused role within a regulatory organization
- Demonstrated ability to function in this role in a large and complex organization
- Demonstrated strong leadership, planning and project management skills, with long-term potential to contribute broadly at the executive level. Strong project management skills. Empowers others, builds confidence, and demonstrates a positive and energizing style
SPECIALIZED KNOWLEDGE & SKILLS
- Possess superior communication skills, relationship management, and goal-oriented mindset
- Demonstrate process facilitation, process management and improvement skills
- Demonstrate the ability to design, build and manage more complex risk management initiatives to mitigate risk across the Data Ecosystem effectively working directly with business line management
- Demonstrate strong process facilitation, process management and improvement skills
- Strong analytical skills in ability to interpret data, derive analytical insights from data and use tools as necessary (e.g., for testing and monitoring)
- Must possess business acumen and credibility to help business line(s) proactively identify and address changing risk profile
- Strategic Perspective - Demonstrate the relationship of Data Management to Corporate Strategy and how successful management of the Data Ecosystem contributes to the success of Corporate Strategy regardless of platform (On-Premise, End User Computing Systems, Cloud Computing)
- Experience with Metadata Management - Data Glossary and Metadata Repository; Key Data Elements (KDEs) and Quality Rules; Standards, Processes, Tools; Reference Data and Master Data Management - Definition of and Management of Valid Values; Party, Securities, & People Master Data; Management, Tools, Processes, Required Governance
- Experience with Data Quality - Standards, Processes, Tools; Integrated Data Quality; Quality Validation / Streaming Data Quality; Data Metrics (Operational, Compliance, KRI, EWI, etc.); Data Architecture (on-premise and cloud) - Relevant Patterns, Processes; Authoritative Sources; Data Domains; Data Model; Data Warehousing & Business Intelligence Management; Data Operations - Data Issues; Monitoring, Metrics; Interface Registration and Data Lineage
As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.
Fannie Mae is an Equal Opportunity Employer.
Req ID: 59164