Information Technology Operational Risk Management (ITRM) is responsible for providing oversight of operational risks associated with all operating activities of Freddie Mac’s Information Technology division. The primary responsibilities of ITRM include providing risk management, risk advisory, third party IT risk management, regulatory liaison, and policy/standards governance for the Information Technology division. This could include managing the review and publication of divisional policies and standards, defining and implementing risk management frameworks, monitoring and reporting risks and risk response, performing risk reviews and evaluations, and driving continuous improvement of risk management capabilities across IT. ITRM is led by the Vice President, IT Operational Risk & Governance.
ITRM is looking for an experienced Senior risk professional to support issue management and risk management activities for Service Delivery Operations, Application Support, and Operational Risk Management departments. The candidate will be part of a team that has an extensive coordination role across the three lines of defense.
The IT Risk Senior will report directly to the IT Risk & Control Manager. Working closely with the teams that represent each IT Department, the Senior will support the risk team in the consistent and logical application of key components of the IT Risk Management Framework for the IT Division.
This position requires that the applicant have a solid understanding of the risk frameworks, operational risks, and the execution of risk management processes and governance within a large institution.
- Understanding and managing risks and controls associated with the IT operational processes
- Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
- Performing gap assessments on risks and controls and advising on the remediation of gaps
- Identify, understand and manage Information and Technology risk associated with the operational processes for the IT division
- Apply sound judgment in evaluating risks and controls; effectively challenge IT customers on the identification and acceptance of risks and the adequacy of controls.
- Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.)
- Advise the IT “customers” on means and methods to drive remediation of risk related issues and operational events
- Build positive relationships with IT partners, as well as 2nd and 3rd lines of defense organizations
- Bachelor’s Degree or equivalent work experience
- 5 to 7 years of risk, control, compliance, or operational risk experience in the financial services industry; practical experience in internal/external audits and in risk management methods and techniques
- Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.
Keys to Success in this Role:
- Self-starter and self-motivated.
- Ability to work and collaborate efficiently in a team environment.
- Able to apply risk-based approach to prioritize work.
- Ability to communicate clearly, effectively, and persuasively with technology and business partners.
- Motivated to learn new technologies and identify process improvements and efficiencies.
- Ability to adapt to change while continuing to deliver on assigned objectives.
- Strong verbal and written communication skills.