Risk and Governance Manager / Investments and Capital Markets - Jamie Grayem
McLean, VA 22101
About the Job
McLean, Virginia, United States
Hybrid - 3 Days in Office (Tuesday, Wednesday + Thursday)
This position will lead and/or conduct technology-related risk and governance (first line of defense [1LOD]) activities for the I&CM Information and Technology Risk Office. Reporting to the Technology Risk and Controls Director, the successful candidate will collaborate with the divisional operational risk group, technology teams, and business partners to assess and report on operational events and issues, orchestrate audit activities, lead continuous risk assessments, conduct control design and implementation, perform operational improvement identification and execution, manage remediation enforcement, and report to senior management on technology control, governance, risk, and compliance activities.
I&CM Risk & Governance is a first line of defense risk governance team. We act as trusted advisors for our business partners, proactively supporting them in assessing and identifying potential risks that may impede our division from meeting its business objectives.
Our team is responsible for technology risk and governance activities and execution.
We work closely with partners within Information Risk, Business Technology Office, I&CM, and other divisions to continually mature the firm’s risk program.
As a Risk and Governance Manager, you will oversee technology-related processes and partner with business stakeholders and domain risk SMEs to identify and mitigate risks. Your work will help us improve our risk management process and make our control environment stronger. This role will provide opportunities to broaden your technology and risk knowledge and strengthen your leadership skills. Although this role is not currently a people manager, you will partner with the director to coach and develop the team. Your day-to-day responsibilities include:
Identify and assess technology process risks. Develop and document adequate controls, including supporting establishment, maintenance and validations of SOX, non-SOX technical, and operational controls across I&CM technology activities.
Assess gaps and emerging threats, and prepare for 2LOD and/or 3LOD reviews.
Prepare, conduct, and document quarterly Risk Control Self-Assessments for technology processes.
Support the business process during 2LOD oversight activities, Internal Audit exams, and FHFA exams.
Support the technology process in identifying issues, assessing severity, and developing and tracking remediation action plans.
Proactively stay abreast of business and market changes and trends that may impact technology and associated risks. Discuss and resolve potential risks with relevant stakeholders.
Provide risk and controls input for I&CM new business and governance initiatives.
Conduct root cause and impact analysis of operational risk events. Identify remediation activities and produce concise write-ups for Senior Management.
Generate risk and compliance-related materials for I&CM, IT, ERM, IA and FHFA, including periodic updates and time-sensitive requests.
Review and validate accuracy of information documented in the risk database and enterprise governance repository.
Develop technical risk procedures, job aids, and process flows for the division.
Produce periodic reporting on risk indicators and on divisional technology risk and control issues.
Challenge the status quo. Find opportunities to improve and streamline existing processes.
Undertake ad-hoc projects as needed.
Qualifications
5-10 years of risk management, governance, audit, emerging threats, program governance, artificial intelligence, and/or data compliance in technology processes (the ideal candidate possesses experience in several of these areas).
Proven ability to investigate, assess risks, and partner with technical and non-technical business owners to determine root cause and remediation (including potential upstream/downstream impacts).
Experience supporting financial and/or product development services desired; experience in comparable industries is acceptable with a willingness to learn.
Degree in Finance, Risk Management, Information Security, or a technology-related field; or equivalent work experience preferred.
Experience implementing or assessing Sarbanes-Oxley requirements and Risk and Control Self-Assessments (RCSA), formulating control language, and/or proactively identifying potential technical and emerging risks and process improvements.
Experience defining, documenting, and communicating technical and operational governance.
Ability to track and report on achievement of plans/projects.
CIA, CISA, CISSP, PMP, CISM, CRISC, or other related professional certification preferred (or working towards a certification).