Lead IT Risk Analyst

Position Summary

This positions responsibilities include interacting with and providing guidance and assistance to staff throughout the organization on a number of critical risk functions at FHLBank, including, but not limited to, information technology risk, vendor risk management, general risk assessments, reporting and compliance.

Primary Success Factors

• Participates in the development and/or execution of IT Risk, Vendor risk, general risk assessments and reporting/compliance within Corporate Risk. This includes using guidance from the Committee on Sponsoring Organization (COSO), NIST, CobIT and FHLBanks ERM framework. This will also include a role in discussions and reaching conclusions on complex risks and making judgments on inherent risks, magnitude and residual risks.


• Ability to support other ERM-related functions, which may include items such as top-down risks, risks and control evaluation, insurance analysis and other items as necessary. Researches current literature to determine emerging risks in the financial services industry.


• Monitors and researches NIST, CobIT, COSO, FHFA, BASEL and other financial industry regulatory releases. Supports the development of training on new technical literature that impacts FHLBank.


• Assists in providing high-quality service to FHLBanks internal clients by being proactive in assessing information and understanding the needs of the business unit; provides guidance on and assist in the completion of risk-related tasks.


• Assists in providing an independent second line-of-defense to the business unit and offer critical insights to the conclusions being reached by the business unit; demonstrates the ability to reach conclusions and communicate those conclusions in a professional manner to business unit management along with FHLBanks CRO and Operating Risk Management and Risk Management Committees.


• Monitors and performs testing on critical compliance standards; develops and performs testing on the critical compliance standards.


• Performs Sarbanes-Oxley (SOX) testing as required; prepares/updates needed SOX documentation within ERM. Assists the CRO in the quarterly SOX certification process, ensuring that SOX key controls are working effectively.


• Effectively communicates both orally and in writing and documents the facts and conclusions on the various risk processes, including IT risk, end user computing, vendor, risk assessments, operating incidents, and more to Executive Committee members.

Required Experience

• Experience working in a team environment


• Strong customer service orientation


• Experience using various computer programs (e.g., GRC)


• Proven analytical skills (experience with Tableau a plus)


• Excellent communication skills (verbal and written)


• Demonstrated proficiency using Microsoft Office Suite Products, including MS Access, Excel, and Word