Our Work Protects the Dollars of Everyday Americans

LOCATION: San Francisco, CA 

Why Work For The Fed?

While the SF Fed is a Reserve Bank, we’re not what you might expect. We’re unreserved here. That means we seek new and diverse perspectives. We spark conversations and encourage debate. We build opportunity. We pursue careers that are true to ourselves. We are looking for people who want to help our country reach its full economic potential. When you join the SF Fed, you join a team of people working together to promote an inclusive economy that works for everyone.

Are you experienced in Technology and/or Cybersecurity Risk Management? Would you like to join thought leaders in influencing and implementing the future of bank supervision? If yes – then read on!

Fulfilling Careers That Make a Difference

We need you, an experienced Senior IT Risk Specialist to join the Portfolio Risk Management – Non-Financial Risk (PRM-NFR) Team within the Risk, Policy and Analysis Group of the SF Fed’s Supervision and Credit (S+C) Department. In this role, you will lead IT risk management assessments and examinations for regional, community, and foreign (RCF) portfolios and the regional non-bank service providers under Federal Reserve supervisory authority.

You will serve as a subject matter expert and be responsible for assessing financial institutions’ IT risk management programs and associated management information systems to ensure they are operating in a safe and sound manner and complying with applicable banking laws, regulations, and policy statements. You will lead examinations for information security and cybersecurity, including assessing business resiliency and third party (vendor) risk management from a cybersecurity perspective.

Job Description

You will have superb communication skills with the ability to explain complex IT/cyber security issues and concepts to diverse audiences. Your collaboration skills and ability to develop strong relationships with senior management, System staff and other regulators and partners will be a critical part of this role.

Highlights of Responsibilities:

  • Lead or participate in firm-specific examinations and monitoring activities over a spectrum of IT / cybersecurity topics to determine the effectiveness of a firm’s IT risk management program and validate remediation efforts of identified issues.
  • Lead or participate in the development of firm risk assessments and supervisory strategies, and the vetting of exam scopes and findings. Prepare and deliver written analyses and presentations on firm specific as well as broader industry trends or emerging risks. Provide briefings to senior FRS staff and others in the supervisory community.
  • Prepare informative, well-supported supervisory products and work papers, effectively communicating complex and problematic supervisory findings, including required actions to banks’ senior management and board of directors.
  • Serve as a subject matter expert of supervisory rating systems (URSIT ratings) and understand the FFIEC framework for supervising service providers and related supervisory expectations contained in the FFIEC IT handbooks.
  • Develop and maintain expertise in cyber security/information security, cloud computing, IT operations, IT risk management, and IT internal audit, as well as supervisory expectations and industry practices in those areas.
  • Analyze internal reports, facilitate discussions with institution management, review industry information, and research IT / cybersecurity risk topics affecting the financial services industry. Synthesize information from multiple sources to identify industry trends and emerging issues. Develop creative approaches to evaluating risks and operational resiliency. Devise methods to incorporate FRS data, market-based surveillance products, and technology more efficiently into the ongoing supervisory process.
  • Lead or participate in Federal Reserve System and local IT risk initiatives and contribute to the development of policies to enhance the supervision of financial firms. Contribute to and lead System efforts to develop effective IT supervisory policy and guidance, supervisory activities, and IT analysis and thought leadership.
  • Maintain strong relationships and liaisons with FRS colleagues, institution management, and other regulatory agencies.
  • Provide coaching, training, and mentoring to less experienced colleagues



  • Bachelor’s degree in business, technology, or related fields of study (or equivalent work experience). Advanced degree or professional certifications with an emphasis on internal audit or information security (e.g., CRISC, CISM, CISA, CISSP, CIA) or examiner commission are desired.
  • Seven or more years of direct or comparable banking, financial industry or banking supervision experience with bank examinations, internal audit, or in conducting control assessments at a banking organization or consulting firm is desired.
  • Knowledge of and experience evaluating cyber security/information security and technology risks facing complex financial institutions and prudent practices for managing those risks, leveraging common frameworks, such as FFIEC, NIST, and ISO.
  • Strong analytical and critical thinking skills demonstrated by the ability to assimilate new information, understand complex topics, and produce sound analysis.
  • Excellent written and verbal communication skills and the ability to synthesize complex ideas and explain them clearly.
  • Ability to think strategically, bringing a broad perspective on how to translate ideas into executable actions.
  • Ability to thrive as a member of a team and to build collaborative working relationships with colleagues across teams and at different levels.
  • Strong organizational skills, project management skills and attention to detail.
  • Must be a U.S. Citizen, U.S. National, or hold a permanent resident/green card with intent to become a U.S. Citizen.
  • Ability to travel up to 30 percent; however, the System will be conducting all supervisory activities offsite until personal safety due to COVID-19 is reasonably assured, and we are anticipating lower overall travel for supervisory activities following the pandemic.
  • Effective October 1, 2021, all employees must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank’s vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief.


  • Medical, Dental and Vision
  • Defined Benefit Pension Plan
  • Pre-tax Flexible Spending Account
  • Backup Child Care Program
  • Pre-tax Day Care Flexible Spending Account
  • Vacation, Days Sick Days, and Paid Holidays
  • Pet Insurance
  • Matching 401(k)

All employees must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank’s vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer.