What are the responsibilities and job description for the Sr Mgr IT & Information Security Risk position at FEDERAL HOME LOAN BANKS OFFICE OF FINANCE?
FEDERAL HOME LOAN BANKS OFFICE OF
FINANCE POSITION DESCRIPTION
POSITION: | Sr. Manager, Information Technology and Information Security Risk | DATE: May 2026 |
DEPARTMENT: | Risk Management | FLSA: Exempt |
REPORTS TO: | Chief Risk Officer | LOCATION: Hybrid/Reston, VA |
SUMMARY OF POSITION:
The Information Technology and Information Security Risk (IT/IS) Sr. Manager plays a critical enterprise-wide role in overseeing cybersecurity, technology, data, AI and information security risk governance across the Office of Finance (OF). This role partners with the Chief Risk Officer (CRO) and the Enterprise Risk Management team in identifying, assessing, and monitoring the organization’s technology and cybersecurity risk profile to ensure alignment with the Office of Finance (OF)’s strategic objectives, risk appetite, and regulatory expectations. This role has broad ownership and visibility across the enterprise and serves as a key second-line risk partner to senior leadership, business lines, IT, Information Security, Compliance, and third-party vendors. The Senior Manager will help ensure adherence to regulatory expectations from agencies such as FHFA, FFIEC, OCC, FDIC, SEC, and FINRA. This person will partner with business lines, IT, and compliance teams to maintain a strong security posture and reduce exposure across critical financial systems and third-party relationships, strengthening the organization’s overall cyber resilience and operational risk management framework.
We’re proud of the way our teammates have a positive impact on everything we do. Our employees are committed to and exemplify our Core Values:
- Integrity through accountability, consistency, transparency, and trust
- Agility through adaptability, continuous improvement, expertise, and flexibility
- Partnership through collaboration, communication, leadership, and teamwork
- Inclusivity through relationships, respect, and support
PRINCIPAL RESPONSIBILITIES:
- Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations.
- Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes.
- Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
- Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts.
- Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations.
- Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis ofg potential impacts to customer data, financial systems, and regulatory obligations.
- Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite.
- Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan, taking into consideration regulatory compliance expectations and industry best practices.
- Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises.
- Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate.
- Monitor cybersecurity and financial sector threat intelligence; communicate emerging risks to leadership.
- Oversee IT and IS key risk indicators (KRIs) and maintain clear and accurate dashboards and reporting metrics for senior management, risk committees, and regulators.
- Support the OF’s core values of Integrity, Agility, Partnership, and Inclusivity.
PRINCIPAL JOB REQUIREMENTS:
- Ability to analyze complex technical environments and communicate risk in business-focused terms.
- Strong analytical and problem-solving skills, with attention to detail.
- Strong knowledge of information security frameworks including NIST CSF, NIST 800‑53, ISO 27001, CIS Controls.
- Effective oral and written communication skills for interacting with auditors, examiners, and senior management.
- Ability to build relationships, collaborate with diverse teams, and integrate different perspectives.
- Ability to manage workload with minimal supervision while demonstrating initiative and curiosity.
- Proof of eligibility to work in the United States
PREFERRED SKILLS AND EXPERIENCE:
- A Bachelor’s degree from an accredited college or university; majors in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred.
- 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred.
- Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python).
- Experience working in a regulated financial services or technology environment.
- Currently holds relevant professional certifications (e.g., CRISC, CISSP, CISM, Security or CGEIT).
EQUAL EMPLOYMENT OPPORTUNITY:
The Federal Home Loan Banks Office of Finance is committed to equal employment opportunity without regard to race (including traits historically associated with race, such as hair texture, hair type and protective hairstyles), color, religion, sex, pregnancy (including childbirth, lactation, and related medical conditions), national origin or ancestry, age, physical or mental disability, veteran status, uniformed service member status, military status, sexual orientation, gender identity, status as a parent, marital status, genetic information (including testing and characteristics), citizenship status, or any other characteristic protected by applicable federal, state, or local law.