Job Description:

The Enterprise Risk Management Department (“ERM”) is looking for an Associate Director risk professional to support the Bank in further maturing our Information Technology (“IT”) Risk Management (“ITRM”) and Operational Risk Management (“ORM”) practices. Our goal is to provide an enterprise-wide risk framework and centralized oversight and governance, and to drive greater transparency and inform risk-based decision-making across the Bank. Additionally, the role will ensure that key ERM, ORM and ITRM processes, including identification, assessment, monitoring, management, and reporting of risks, appropriately align with risk appetite, capacity, and tolerance levels established at the Bank.

Success in this role entails working closely with the Risk, IT and Information Security (“IS”) business units to socialize risk concepts and frameworks and promote the organization’s risk culture, including education and training. Additionally, this role must have the ability to adapt previous experience and industry leading practices to fit the Bank. The position also partners with functional and operational leadership in the development of risk mitigation plans, consistent with the Bank’s enterprise risk management framework. The role will be an integral part of a risk management team that encourages creativity, leadership, and influence.
You are expected to have a significant impact and influence in bank-wide strategic decision-making, and to support our mission through risk-based and data-driven decision making.

Primary Responsibilities:

Under the direction of the Senior Director, IT and EUC Risk Management, as part of the ORM team, the core day to day responsibilities for this role will be the following:

- Help mature and execute an IT and IS risk management framework using industry leading practices (e.g., NIST CSF, COBIT, SCF) and taking into consideration regulatory expectations;
- Leverage the current ERM, ORM and ITRM frameworks and partner with IT and IS teams to further mature the second line of defense IT risk assessments, document controls, identify gaps, and create action plans for critical IT and IS processes, including validation and testing to ensure IT risk programs are implemented and executed appropriately;
- Help refine the current risk register for IT, IS and Operational Risk competencies, as well as help create additional ones as appropriate;
- Support the risk assessment process for IT and IS risks, and make risk-tailored recommendations for remediation efforts and continuous monitoring through the creation of KRI/KPIs;
- Review processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and make recommendations.
- Complete risk assessments of critical technology implementations (e.g., Cloud Computing, hybrid infrastructure models, and Active Directory).
- Assist with identification, evaluation, and escalation of issues that conflict with the Bank’s risk tolerances, and help develop KRIs for each business unit;
- Establish collaborative relationships with key business owners, and assist in the development, assessment, and monitoring of mitigation plans for enterprise risks so that risks are managed to an acceptable level.
- Assist with communication and escalation of significant risk issues to the appropriate management, and monitor corrective actions to address issues, where needed;

In addition, you may be asked to complete the following tasks:

- Assist the Enterprise Risk Officer and the Managing Director of ERM in ERM strategy implementation and improvement opportunities;
- Complete, support and report on remediation work related to any internal and external audits and exams;
- Assist in regulatory and internal audit engagements, including gathering of relevant documentation related to internal and external exams;
- Work with the Data Science team to help embed data-driven metrics and decisions within ERM;
- Help with the enhancement of the ERM, ORM and ITRM frameworks, and assist in aligning the function with industry leading practices, including risk appetite, operational risk, policy and procedures, risk taxonomies, and reporting;
- Help assess enterprise and emerging risk issues, including assignment of risk ratings consistent with established policy standards;
- Perform transaction testing to evaluate the prudence of strategic planning, the effectiveness of risk management processes, and the quality of management information reporting practices;

Critical Competencies:

- Knowledge and working experience with ORM and ITRM Frameworks based on industry best practices and the three lines of defense model;
- A minimum of 7 years of experience in performing IT/IS/ORM risk assessments and control testing leveraging IT/IS Frameworks and Standards (e.g., FFIEC, NIST CSF, ISO, COBIT, ITIL);
- Knowledge of IT Risks associated with the System Development Lifecycle, Development Operations, Agile Development Processes, Infrastructure, Security Operations/Engineering, BCM/CM etc.
- A team player who can comfortably work in a dynamic and fast-paced environment, with the ability to respond to changing circumstances;
- Ability to interact with senior management while balancing multiple projects and other responsibilities;
- Experience with leveraging GRC platforms;
- Regulatory experience with the Federal Housing Finance Agency is a plus;
- Strong attention to detail with a proactive approach to solving and preventing problems;
- Excellent organization, project management, and prioritization skills;
- Excellent interpersonal skills to work in a team environment and to influence and interface with a broad range of stakeholders at all levels, internal and external;
- Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), or other risk management discipline certification;
- Ability to take ownership of projects and deliver high-quality results.

COMPENSATION RANGE: $155K - $175K

The Federal Home Loan Bank of San Francisco is an Equal Employment Opportunity employer and is committed to a diverse workforce. We value and actively seek to recruit, develop, and retain individuals with varied backgrounds and experiences reflecting the full diversity of the communities that we serve. It is the policy of the Bank to comply with all applicable laws concerning the employment of persons with disabilities.