IT Risk Management Director

Employer: Freddie Mac
Location: McLean, VA
Posted: Aug 07, 2018
Closes: Sep 06, 2018
Ref: 9418BR
Function: Executive, Director, IT
Hours: Full Time

Position Overview
Information Technology Operational Risk Management (ITRM) is responsible for providing oversight of operational risks associated with all operating activities of Freddie Mac’s Information Technology division. The primary responsibilities of ITRM include providing risk management, risk advisory, regulatory liaison, and policy/standards governance for the Information Technology division. This could include managing the review and publication of divisional policies and standards, defining and implementing risk management frameworks, monitoring and reporting risks and risk response, performing risk reviews and evaluations, and driving continuous improvement of risk management capabilities across IT. ITRM is led by the Vice President, IT Operational Risk & Governance.

ITRM is looking for an experienced director to lead the 1st line IT Risk Management teams that will provide risk management, policy/standards governance, and assurance/validation capabilities across IT. The IT Risk Management Director will report directly to the VP, IT Operational Risk & Governance. Working closely with the teams that represent each IT Department, the Director will be accountable for ensuring the consistent and logical application of the IT Risk Management Framework for the IT Division. The Director will direct and lead teams that work as the centralized coordination point of risk and issue management, KRI/KPI development, management risk reporting, risk escalation, and policy/standard governance. The Director will also enforce data quality requirements for the process, risk, and control data entered in the Freddie Mac Governance Risk and Compliance tool (BWise). This position requires that the applicant have a strong understanding of IT risks, operational risks, and the execution of risk management processes and governance within a large institution. As this is a risk leadership role, it will require applicants with strong partnership with internal IT leadership, as well as the 2nd and 3rd lines of defense organizations. The applicant must also have strong communication and management skills, and strong knowledge of industry best practices.

Responsibilities include:
*Understanding and managing Information and Technology risk associated with the operational processes for the IT division
*Governing the IT division review of corporate policies and standards for appropriateness and impact, as well as establishing the process by which 1st Line of Defense policies, standards, procedures and processes are developed, published, and reviewed
*Executing 1st Line of Defense risk management processes and reporting
*Ensuring IT risks are appropriately managed within the risk appetite tolerances and limits
*Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
*Performing aggregation and reporting of IT risk metrics and data
*Executing at least monthly risk management meetings for each IT department to ensure risk transparency to all stakeholders
*Conducting quarterly SOX Risk and Control status assessment and reporting for each IT department
*Managing risk processes related to the IT-wide risk management reporting tool and systems

Basic Requirements
*Bachelor’s Degree
*10-12 years of experience working with SOX, practical experience in internal/external audits, risk management – methods and techniques for the assessment and management of risk
*Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical and communication skills
*Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
*Project Management experience
*Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.

Preferred Skills
*Graduate degree or advanced studies
*Financial Services experience
*IT Risk management experience
*Knowledge and skills across:
-COSO
-ISACA Risk IT framework
-ISACA COBIT 5.0
-ISO 31000-series and 27000-series, 13335
-NIST Cybersecurity framework
-Third party risk management

Closing Statement
Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.