IT Risk Management Specialist

Primary Location

 NY-New York City

Full-time / Part-time


Employee Status


Overtime Status


Job Type



 Yes, 25 % of the Time


 Day Job

Job Sensitivity Not Evaluated

The Operational Risk Department’s mission is to identify, understand and assess the effectiveness of firms’ management of operational risks, and to develop cross-institutional perspectives on sound risk management practices that can help mitigate systemic disruption to the financial sector, drawing on insight from observed or potential gaps in people, processes or technology.

Job Responsibilities
The IT Specialist covering FMI will support the FMI supervisory teams in carrying out their mandate to promote financial stability associated with financial market infrastructures (FMIs) as well as payment, settlement and clearing activities conducted by systemically important financial institutions (SIFIs). Given the complexity and systemic importance of FMIs that have been designated Financial Market Utilities (FMUs) by the Financial Stability Oversight Council (FSOC), the IT Specialist will pay close attention to firm-wide IT risk management practices. The key areas of focus are information (including cyber) security, business continuity and resiliency, and governance of systemically important technology initiatives.

The IT Specialist will cover multiple FMUs and contribute to the firms’ Information Technology risk management assessment by carrying out the following responsibilities:

  • Assessing the firm’s program maturity and risk portfolio related to information security, IT governance, and business continuity and resiliency through continuous monitoring and examination activities.
  • Assessing FMUs’ systems infrastructure capabilities with regard to new and evolving regulatory requirements.
  • Assessing FMUs’ systems capacity planning strategies and change management control environment.
  • Participate in reviews of FMUs’ onshore/offshore processing centers and vendor risk management program.
  • Assessing the overall adequacy of the IT Internal Audit function.
  • Participate in horizontal reviews sponsored by the FMI function that entail any of the above IT elements.
  • Stay abreast of relevant regulatory developments and assess their potential impact on the FMUs’ payments, settlement and clearing activities and IT risks associated with the areas of responsibility.
  • Maintaining knowledge of emerging technologies, threats/vulnerabilities and risk management practices/techniques and their implications for the FMI ecosystem.
  • Developing timely and persuasive reports and delivering oral presentations on relevant issues or trends that could affect financial stability to ERS and FMI management, Risk Secretariat and the broader Federal Reserve System (FRS) including the FMU Steering Committee.
  • Developing and contributing to cross-firm analyses of implemented technologies, processes, and controls.
  • Contributing to firm-specific supervisory analyses and products (e.g., annual assessments, supervisory plans, etc.) in areas covered.
  • Developing and maintaining relationships with other agencies (SEC, FINRA, etc.) and industry experts to understand current and emerging regulatory practices, regulations and supervisory focus areas.
  • Maintain ongoing awareness of related key supervisory issues in areas of responsibility and developments in supervision and identify opportunities to work collaboratively with other risk specialists, FMI specialists, policy analysts and/or other staff members across the FRS.
Job Requirements
  • Significant relevant industry and/or supervisory experience in at least one of the following key areas of focus and, at a minimum, a bachelor’s degree in business or IT related field.   Specific experience requirements are as follows:   
    • Information Security: Minimum of five years work experience in network security, threat vulnerability management, security architecture, secure application development, or information security policy lifecycle.  
    • IT Governance and Strategy: Minimum of five years work experience in establishing and/or executing policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements and business alignment.
    • Business Continuity and Resiliency:   Minimum of five years work experience in establishing and/or executing business resilience programs, key risk indicators, asset identification and prioritization, testing, and/or monitoring.
    • IT Audit: Minimum of five years work experience in audit of information systems including network infrastructure, application development, vendor management, change management or other relevant IT areas of coverage.
  • Strong communication skills, including ability to identify, prioritize, frame, and clearly articulate material issues that reflect supervisory positions/concerns.  Ability to make presentations and lead meetings that are clear, informative, well-organized, analytically sound, and effective; demonstrate confidence in delivery and ability to stay focused on key messages; manage questions and discussions effectively.
  • Relevant industry or supervisory experience in securities clearing and settlement, prime brokerage, securities lending and/or sales and trading.
  • Sound organizational skills and self-management evidenced by an ability to take initiative and ownership of assignments, produce results under tight time constraints, and operate effectively given rapidly evolving priorities.
  • Ability to apply knowledge of the financial industry, sound practices, banking principles, regulations and examination procedures to the supervision of a cross section of institutions; mine existing information for cross-institutional themes and issues to provide insight regarding institutions, industry practices and emerging risks that is forward-looking and consistent with strategic concerns.
  • Demonstrated ability to get things done on a timely basis.
  • At least one of the following certifications is preferred:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA) 
    • Certified Business Continuity Professional (CBCP)
    • ITIL Service Manager Certification 
  • A working knowledge of FFIEC IT guidance and IT Sound Practices is a plus.
  • Proficiency in using automation tools such as spreadsheets and databases to enhance analysis and support supervisory activities.
  • Familiarity with the CPSS-IOSCO Principles for financial market infrastructures.
This position requires access to confidential supervisory information, which is limited to “Protected Individuals” as defined in U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so.
The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.

