Information Technology Operational Risk Management (ITRM) is responsible for providing oversight of operational risks associated with all operating activities of Freddie Mac’s Information Technology division. The primary responsibilities of ITRM include providing risk management, risk advisory, regulatory liaison, and policy/standards governance for the Information Technology division. This could include managing the review and publication of divisional policies and standards, defining and implementing risk management frameworks, monitoring and reporting risks and risk response, performing risk reviews and evaluations, and driving continuous improvement of risk management capabilities across IT. ITRM is led by the Vice President, IT Operational Risk & Governance.
ITRM is looking for an experienced manager to lead the 1st line IT Risk Management teams that will provide control self-testing and assurance/validation capabilities across IT. The IT Risk Advisory Manager will report directly to the IT Risk Advisory Director. Working closely with the teams that represent each IT Department, the Manager will manage teams that are responsible the consistent and logical application of key components of the IT Risk Management Framework for the IT Division. This position requires that the applicant have a solid grasp of the risk frameworks, operational risks, and the execution of risk management processes and governance within a large institution. As this is a risk leadership role it will require applications with positive relationship with internal IT leadership, as well as the 2nd and 3rd lines of defense organizations. The applicant must also have good communication and leadership skills, and demonstrable understanding of industry standard methodologies.
Your Work Falls into Three Primary Categories:
- Provide leadership and expertise to a team of risk professionals
- Establish and Mature Risk Advisory Programs and Services
- Understanding and managing Information and Technology risk associated with the operational processes for the IT division.
- Apply sound judgment in evaluating risks and controls; effectively challenge the business on the identification and acceptance of risks and the adequacy of controls.
- Perform risk assessments to assess risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); Identify and assess control effectiveness and/or gaps.
- Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
- Advise the IT “customers” on means and methods to drive remediation of risk related issues and operational events
- Be a role model and mentor to the junior and mid-level professionals, work alongside of highly collaborative, open minded, technology savvy and dedicated team members.
- Reporting of IT risk metrics and data
- Forge partnerships with IT partners through delivery of "Value" risk management and advisory services.
- Cultivate a risk attitude by challenging partners to think in terms of risk and encouraging them adopt risk management practices into everyday operations
- Innovate by finding opportunities to improve risk management practices and Freddie Mac's overall risk posture.
- Bachelor’s Degree or equivalent work experience
- 7-10 years of experience working with SOX, practical experience in internal/external audits, risk management - methods and techniques for the assessment and management of risk
- Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical and interpersonal skills
- Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
- Project Management experience
- Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.
Keys to Success in this Role:
- Self-starter and self-motivated.
- Ability to work & collaborate effectively in a team environment.
- Sense of urgency and able to apply risk based approach to prioritize work.
- Ability to communicate clearly, optimal, persuasively with technology and business partners.
- Motivated to learn new technologies and identify process improvements and efficiencies.
- Ability to adapt to change while continuing to deliver on assigned objectives.
- Strong verbal and written communication skills.