Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.
Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.
Under the integrated technology function within Enterprise Operational Risk Management, the Director, Technology Risk Oversight will strategically manage and direct a team of risk professionals to effectively coordinate, communicate, and drive governance, risk management activities, and project management across Fannie Mae?s second-line of defense Data, Technology, Cybersecurity, and Resiliency (DTCR) Risk Management program. The incumbent will primarily direct effective oversight and challenge for Technology Infrastructure and Application operations and management. This position will also collaborate with peer DTCR Directors to deliver cross-functional, end-to-end risk oversight, identification, assessment, and monitoring across all technology related domain areas, including cyber security, business resiliency and data management.
KEY JOB FUNCTIONS
- Directs a team to successfully implement, maintain, and oversee an effective technology infrastructure and applications risk management framework. Develop and maintain strong relationships with risk partners and other second-line enterprise risk management functions to drive meaningful technology-risk reductions and escalation of risks, as needed.
- Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA). Leverage knowledge of the mortgage industry, mortgage product types and mortgage securitization to ensure effective management of risk.
- Actively identify, assess, respond and escalate risks associated with Technology Infrastructure and Applications, as appropriate. Understand, adhere to and bolster Technology Infrastructure and Applications risk governance across first-line activities including the implementation of the three lines of defense model
- Drives activities designed to comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment. Oversees internal governance processes (includes reporting, issue management, policy/standard review, risk identification, risk assessments, and risk monitoring).
- Oversee activities by which risk owners identify new, top, emerging, or changing Technology Infrastructure and Application risks stemming from business activities or external events. Activities include Risk and Control Self-Assessments (RCSA), risk opinions for Key Business Decisions (KBD), and Material Risk Identification in accordance with policies and standards.
- Confer with first-line management and risk partners to assess technology capabilities, analyzing processes, and risk exposure to drive the implementation of appropriate risk management controls. Lead presentations and workshop sessions on Technology Infrastructure and Applications risk management activities, process analysis, risk identification, assessment, control, and mitigation.
- Where required by internal policies or external agencies, develop management, regulatory and internal reporting and monitor risk metrics/indicators. Including, developing and presenting risk perspectives on emerging, changing or out-of-appetite risk profiles for senior management audiences. Inform policies, standards and procedures to maximize effective management of risks related to Technology Infrastructure and Application operations and minimize risk exposure
- Lead team activities to confer with business unit staff by scoping business problems, analyzing processes, risk exposure and sharing lessons learned. Identify problem drivers and reinforce operational procedures with appropriate internal controls. Identify gaps and inform solutions identified resulting from inadequate internal processes, systems or human errors associated with Technology Infrastructure and Applications
- Mentor and coach a team of professionals and provide performance feedback.
- Institute and maintain measures to help ensure the team?s high quality delivery of risk management services and work products.
- Bachelor degree or equivalent
- Masters degree preferred
- ITIL, Agile, Certified Risk Management Professional, Certified Internal Auditor, Certified Information Security Manager, Certified Information Systems Security Professional
- 10+ years of related Technology Infrastructure and Application operations and risk management experience; 15+ years preferred Relevant work within a financial services, capital markets, insurance organization or in an operational risk role within a regulatory organization
SPECIALIZED KNOWLEDGE & SKILLS
- Strong technology operations and risk management knowledge/skills in disciplines such as IT architecture, cloud computing and governance, agile development, secure development operations, IT asset management configuration and change management, production support, networking, systems development, and/or lifecycle development.
- Demonstrated ability to function in a similar role within a large and complex organization
- Excellent communication, team-building, relationship management and interpersonal skills
- Excellent project management skills; self-motivated
As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.
Fannie Mae is an Equal Opportunity Employer.
Req ID: 59360