Hiring During COVID-19: Fannie Mae is hiring for all open positions as we deliver on our mission of providing stability, liquidity, and affordability to the housing market during this critical time. All interviews and onboarding are conducted virtually. We look forward to connecting with you. Learn more

Technology Risk Oversight Lead

Job Description


Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.

Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.


Under the integrated technology function within Enterprise Operational Risk Management, this Lead Associate will serve as a risk lead to drive risk management and oversight activities across Fannie Mae?s second-line of defense Data, Technology, Cybersecurity, and Resiliency (DTCR) Risk Management program. You will primarily provide effective oversight and challenge of Technology Infrastructure and Application operations and management. As a risk lead, you may also support cross-functional technology-related initiatives to help provide end-to-end risk oversight, identification, assessment, and monitoring across all technology related domain areas, including cyber security, business resiliency and data management.

  • Maintain an effective Technology Infrastructure and Applications risk management framework
  • Collaborate and interface with risk partners and other second-line enterprise risk management functions to help drive meaningful technology-risk reductions and escalation of risks, as needed. Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).
  • Leverage knowledge of the mortgage industry, mortgage product types and mortgage securitization to ensure effective management of risk.
  • Actively identify, assess, respond and escalate risks associated with Technology Infrastructure and Applications, as appropriate
  • Understand, adhere to and bolster Technology Infrastructure and Applications risk governance across first-line activities including the implementation of the three lines of defense model
  • Comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment.
  • Facilitates activities by which risk owners identify new, top, emerging, or changing Technology Infrastructure and Application risks stemming from business activities or external events. Activities include Risk and Control Self-Assessments (RCSA), risk opinions for Key Business Decisions (KBD), and Material Risk Identification in accordance with policies and standards.
  • Confer with first-line management and risk partners to assess technology capabilities, analyzing processes, and risk exposure to drive the implementation of appropriate risk management controls. Review technology and risk management processes; examine documentation and flow to identify ways to improve and streamline risk mitigation processes.
  • As directed, may assist with development of management, regulatory and internal reporting and monitor risk metrics/indicators. Inform policies, standards and procedures to maximize effective management of risks related to Technology Infrastructure and Application operations and minimize risk exposure
  • Identify gaps and inform solutions identified resulting from inadequate practices and processes associated with management and operations of Technology Infrastructure and Applications


  • Bachelor degree or equivalent
  • Certified Risk Management Professional, Certified Internal Auditor, Certified Information Security Manager, Certified Information Systems Security Professional
  • 7+ years of related Operational Risk Management or first-line delivery experience related to information technology infrastructure and application development and operations. Experience in cyber security, resiliency and/or data management domains is a plus. Relevant work within a financial services, capital markets, insurance organization or in an operational risk role within a regulatory organization
  • Technical knowledge/skills in disciplines such as IT architecture, cloud computing and governance, agile development, secure development operations, IT asset management configuration and change management, production support, networking, systems development, and/or lifecycle development.
  • Demonstrated ability to function in a similar role within a large and complex organization
  • Excellent communication, relationship management and interpersonal skills
  • Relevant work within a financial services, capital markets, insurance organization or in an operational risk role within a regulatory organization

As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.

Fannie Mae is an Equal Opportunity Employer.

Req ID: 59374