Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.
Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.
Under the integrated technology function within Enterprise Operational Risk Management, this Lead Associate will serve as a risk lead to drive risk management and oversight activities across Fannie Mae?s second-line of defense Data, Technology, Cybersecurity, and Resiliency (DTCR) Risk Management program. You will primarily provide effective oversight and challenge of Technology Infrastructure and Application operations and management. As a risk lead, you may also support cross-functional technology-related initiatives to help provide end-to-end risk oversight, identification, assessment, and monitoring across all technology related domain areas, including cyber security, business resiliency and data management.
KEY JOB FUNCTIONS
- Maintain an effective Technology Infrastructure and Applications risk management framework
- Collaborate and interface with risk partners and other second-line enterprise risk management functions to help drive meaningful technology-risk reductions and escalation of risks, as needed. Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).
- Leverage knowledge of the mortgage industry, mortgage product types and mortgage securitization to ensure effective management of risk.
- Actively identify, assess, respond and escalate risks associated with Technology Infrastructure and Applications, as appropriate
- Understand, adhere to and bolster Technology Infrastructure and Applications risk governance across first-line activities including the implementation of the three lines of defense model
- Comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment.
- Facilitates activities by which risk owners identify new, top, emerging, or changing Technology Infrastructure and Application risks stemming from business activities or external events. Activities include Risk and Control Self-Assessments (RCSA), risk opinions for Key Business Decisions (KBD), and Material Risk Identification in accordance with policies and standards.
- Confer with first-line management and risk partners to assess technology capabilities, analyzing processes, and risk exposure to drive the implementation of appropriate risk management controls. Review technology and risk management processes; examine documentation and flow to identify ways to improve and streamline risk mitigation processes.
- As directed, may assist with development of management, regulatory and internal reporting and monitor risk metrics/indicators. Inform policies, standards and procedures to maximize effective management of risks related to Technology Infrastructure and Application operations and minimize risk exposure
- Identify gaps and inform solutions identified resulting from inadequate practices and processes associated with management and operations of Technology Infrastructure and Applications
- Bachelor degree or equivalent
- Certified Risk Management Professional, Certified Internal Auditor, Certified Information Security Manager, Certified Information Systems Security Professional
- 7+ years of related Operational Risk Management or first-line delivery experience related to information technology infrastructure and application development and operations. Experience in cyber security, resiliency and/or data management domains is a plus. Relevant work within a financial services, capital markets, insurance organization or in an operational risk role within a regulatory organization
SPECIALIZED KNOWLEDGE & SKILLS
- Technical knowledge/skills in disciplines such as IT architecture, cloud computing and governance, agile development, secure development operations, IT asset management configuration and change management, production support, networking, systems development, and/or lifecycle development.
- Demonstrated ability to function in a similar role within a large and complex organization
- Excellent communication, relationship management and interpersonal skills
- Relevant work within a financial services, capital markets, insurance organization or in an operational risk role within a regulatory organization
As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.
Fannie Mae is an Equal Opportunity Employer.
Req ID: 59374