
Director of Business Resiliency Risk Oversight

Fannie Mae
Washington, DC
  • Expired: July 07, 2022. Applications are no longer accepted.

Company Description

At Fannie Mae, futures are made. The inspiring work we do makes an affordable home a reality and a difference in the lives of Americans. Every day offers compelling opportunities to impact the future of the housing industry while being part of an inclusive team thriving in an energizing, flexible environment.

Here, you will help lead our industry forward and make your career.

Job Description

Under the integrated technology function within Enterprise Operational Risk Management, the Senior Manager / Director of Business and Technical Resiliency Oversight (Business Resiliency) will serve as a subject matter expert in resiliency operational risk management to help lead and drive governance, risk management and project management activities across Fannie Mae's second line of defense Data, Technology, Cybersecurity, and Resiliency (DTCR) Risk Management program. This position will collaborate with peer DTCR teams to deliver cross-functional, end-to-end risk oversight across all technology-related domain areas, including applications, infrastructure, business resiliency and data management. The incumbent will provide effective oversight and challenge of risk management activities and be responsible for technology-related initiatives for risk oversight, identification, assessment, and monitoring.

THE IMPACT YOU WILL MAKE

The Enterprise Technology Risk - Risk Management - Principal role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

  • Evaluate the adequacy and risk profile associated with testing programs designed for both cloud and on-premise environments, to include infrastructure, network, applications and data, as it relates to validating Recovery Time Objective and Recovery Point Objective business requirements.
  • Develop key metrics and indicators for measuring risk and performance for resiliency testing.
  • Advise management on the impact of proposed risks to the enterprise and recommend updates and changes.
  • Recommend changes and updates to management about processes to reduce risk using rigorous data-driven analysis.
  • Facilitate implementation of an effective Business and Technical Resiliency risk management capability.
  • Leverage knowledge of the mortgage industry, mortgage product types and mortgage securitization to ensure effective management of risk associated with Business Resiliency.
  • Actively identify, assess, respond, and escalate risks as appropriate.
  • Identify gaps and inform solutions identified resulting from inadequate internal processes, systems or human errors.
  • Contribute to monthly risk appetite reporting for Management-Level Committee and Board materials by developing and presenting risk perspectives on changing or out-of-appetite risk profiles for senior management audiences.
  • Drive risk governance across first-line activities including the implementation of the three lines of defense model.

  • Inform policies, standards, and procedures for Business Resiliency to maximize efficiency and minimize risk exposure.
  • Identify problem drivers and reinforce operational procedures with appropriate internal controls.
  • Facilitate project and risk management-related activities that provide horizontal support across the Data, Technology, Cyber, and Resiliency (DTCR) risk domains.
  • Collaborate and interface with risk partners and other second-line Enterprise Risk Management functions to drive meaningful technology-risk reductions and escalation of risks, as needed.
  • Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).
  • Facilitate use of tools by which Business Resiliency risk owners identify new, material, emerging, or changing risks stemming from business activities or external events. Tools include Risk and Control Self-Assessments (RCSA), risk opinions for Key Business Decisions (KBD), and Material Risk Identification in accordance with policies and standards.
  • Confer with first-line management and risk partners to assess technology capabilities, analyzing processes, and risk exposure to drive the implementation of appropriate risk management controls.
  • Deliver presentations and workshop sessions on Business Resiliency risk management activities, process analysis, risk identification, assessment, control, and mitigation.
  • Where required by internal policies or external agencies, develop documentation of reports. This also includes developing, contributing to, and monitoring metrics and reporting (e.g., management reporting, internal reporting, etc.).

Qualifications

THE EXPERIENCE YOU BRING TO THE TEAM

Minimum Required Experience

  • 8+ years of related Business and Technical Resiliency executing risk oversight experience within either Operational Risk Management or Internal Audit or direct experience within business resiliency program.
  • Relevant work within a financial service, capital markets, insurance organization or in an operational risk role within a regulatory organization.

Desired Experience

  • Bachelor degree or equivalent
  • Certified DRII Professional, ISO Certified Professional, Certified Risk Management Professional, Certified Internal Auditor, Certified Information Security Manager, Certified Information Systems Security Professional, Certified Data Management Professional, Certified Business Continuity Auditor

Skills

  • Demonstrable knowledge/skills within Business and Technical Resiliency and Crisis Management domains including: BCMS Program Management, Risk Assessment, Continuous Monitoring, Business & Technical Recovery, Business Impact Analysis, Recovery Strategy & Sequencing, Recovery Time & Recovery Point Objective Monitoring, Business Continuity Plans (BCP), Tabletop & Scenario Exercises, Third Party Resilience, Cyber Resilience, Technical Contingency Plans (TCP), Cloud Resilience, and Data Center Recovery (Plan & Exercise), Crisis & Incident Management / Workplace Safety (Governance, Plans, Training, Testing and Maintenance)
  • Working knowledge of the following regulatory bodies, standards, and best practices:
      • ISO 22301:2019 | Security and Resilience — Business Continuity Management Systems
      • Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) | Business Continuity Management
      • Workplace Safety Standards within the Occupational Safety and Health Administration (OSHA)
      • Federal Housing Finance Agency (FHFA) outcomes and Advisory Bulletins based on ongoing monitoring, targeted examinations, and risk assessments (preferred)
      • Interagency Practices related to Resiliency of the US Financial System
  • Possess strong analytical skills in ability to interpret data, derive analytical insights from data and use tools as necessary (e.g., for testing and monitoring)
  • Demonstrate effective oral and written communication skills with a mindset of continuous improvement as well as flexibility and adaptability
  • Possess business acumen and credibility to help business line(s) proactively identify and address changing risk profiles

Additional Information

In response to COVID-19, Fannie Mae has adapted our workplace and hiring processes to better safeguard our employees, candidates, and new hires. We understand that this is an unprecedented situation and Fannie Mae is committed to creating protocols for these processes that are agile and conform with federal, state, and local health administration guidance.

While the company's operating status for on-site work is currently voluntary, the majority of Fannie Mae's workforce is remote until further notice. We continue to conduct all interviews and onboarding virtually. In addition, all employees who wish to come on site must be fully vaccinated against COVID-19 and enter their vaccination information into a confidential HR system before arriving at the facility, unless they have an approved accommodation.

The future is what you make it to be.

Discover compelling opportunities at Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at

ID: REF10829J #LI-RM1
