Examiner/Senior Examiner (Operational Risk)

Examiner/Senior Examiner (Operational Risk)

Department: Other Agencies and Independent Organizations

Location(s): Salt Lake City, Utah, Seattle, Washington, Phoenix, Arizona, Los Angeles, California, San Francisco, California, Denver, Colorado, Washington, District of Columbia, Miami, Florida, Atlanta, Georgia, Chicago, Illinois, Indianapolis, Indiana, New Orleans, Louisiana, Boston, Massachusetts, Minneapolis, Minnesota, Kansas City, Missouri, Albuquerque, New Mexico, New York, New York, Oklahoma City, Oklahoma, Portland, Oregon, Austin, Texas

Salary Range: $111677 - $250888 Per Year

Job Summary: This position is for an Examiner/Senior Examiner (Operational Risk) located in the Division of FHLBank Regulation (DBR), Office of Operational Risk. In this role, the incumbent will perform examinations and ongoing monitoring of the FHLBanks' highly complex operational risk-related activities.

Major Duties:

• Division of FHLBank Regulation The Division of FHLBank Regulation (DBR) is responsible for carrying out the FHFA's statutory duties for ensuring that: 1) the Federal Home Loan Banks (FHLBanks) and the Office of Finance (OF) operate safely and soundly, and 2) the FHLBanks remain adequately capitalized. These functions are performed through on-site examinations and off-site monitoring of the FHLBanks and the OF. DBR also is responsible for policy and regulatory analysis, formulating and planning strategic goals, and conducting and evaluating long-range projects and proposals for all Agency programs relating to the FHFA's supervision and oversight of the FHLBank System. DBR monitors and analyzes the financial condition and performance of the FHLBanks and the market, credit, liquidity, operational, and model risks facing the FHLBanks. DBR collects financial and other data from the FHLBanks to support the Division's regulatory, policy, supervisory, monitoring, and examination functions. Monitoring and analysis staff participate in on-site examinations at the FHLBanks/OF and provide analyses of issues affecting the FHLBanks/OF as requested by the Deputy Director. Position Overview The Examiner/Senior Examiner (Operational Risk) will be responsible for performing examinations and ongoing monitoring of the FHLBanks' highly complex operational risk-related activities, with a primary focus on FHLBank and OF operational risk management, business processes, information security, information technology, data management, and business resiliency to identify and assess emerging and embedded risks. They will provide authoritative guidance on extremely complex and/or very controversial issues on FHLBank and OF operational risk activities and other supervision matters that may have broad implications; analyze the implications and impact of current and proposed supervision policies, programs, and practices; and may examine other component areas as assigned or serve as an Examiner-In-Charge. Major Duties & Responsibilities The Examiner/Senior Examiner (Operational Risk) duties listed below are at the EL-14 grade level. Depending on the grade level selected, the incumbent will perform the following duties with varying levels of supervision and difficulty: Assess information technology (IT) and information security (IS) risk management programs, including IT governance, cybersecurity, vendor risk, system development, and business continuity to identify risk and control weaknesses. Evaluation of IT/IS infrastructure and control environments (e.g., systems, networks, databases, application, and security controls), including cybersecurity practices such as vulnerability management, penetration testing, and access controls. Assess the effectiveness of IT/IS processes and controls (e.g., access management, change management, incident response, configuration management, and lifecycle management) using established frameworks. Conduct risk-based examinations and ongoing monitoring activities, including analyzing trends, identifying emerging risk, and evaluating IT/IS risks within broader operational and enterprise risk management programs. Advise leadership and stakeholders on IT/IS and cybersecurity risks, including evaluating IT/IS audit functions, communicating risk in a business context, and recommending improvements to strengthen risk management and supervisory strategies. Perform other duties as assigned.

Qualifications: You may qualify for your desired series and grade level if you meet the following qualification requirements: BASIC REQUIREMENTS: To be eligible for the 0570 series, you must meet one of the following requirements: A. Undergraduate and Graduate Education: Major study -- accounting, banking, business administration, commercial or banking law, economics, finance, marketing, or other fields related to the position. -OR- B. Specialized Experience (for positions above GS-5): Examples of qualifying specialized experience include: Work requiring a thorough knowledge and the application of commercial accounting or auditing principles and practices (but less than full professional accounting knowledge) with a financial institution. Examining or auditing such financial institutions as savings and loan associations, savings or commercial banking institutions or trust companies, farm credit associations, or Federal or State credit unions. Professional accounting or auditing work that provided a broad knowledge of the application of accounting or auditing principles and practices. Work that provided a thorough knowledge of Federal and State laws applicable to the type of financial institution involved (e.g., savings and loan associations, Bank for Cooperatives, savings or commercial banks, investment institutions, etc.), and of the operations and practices of such institutions. -OR- C. Certificate: A certificate as a Certified Public Accountant (CPA) obtained through written examination in a State, territory, or the District of Columbia meets the EL/GS-5 level requirements. Applicants with such certificates may also qualify for higher grade levels based on their education and or experience. In addition to meeting the above basic education, experience, or certification requirements, applicants must also meet the following minimum qualifications for their desired grade level: MINIMUM QUALIFICATIONS: Minimum Qualification EL-12: Applicants must have 52 weeks (one-year) of specialized experience equivalent to the next lower grade level as described below. Experience: I qualify for the EL/GS-12 because I have at least 52 weeks of specialized experience at the EL/GS-11 or equivalent demonstrating work experience with one or more of the statements described below. Examples of specialized experience include: Participating in assessments, examinations, audits, or monitoring activities with a focus on information technology (IT), information security (IS), or IT/IS compliance programs, including assessing areas such as IT governance, information security, vendor management, or business continuity to identify risks or control weaknesses; AND/OR Evaluating IT and IS infrastructure components (e.g., systems, networks, databases, applications, or security controls) to identify potential vulnerabilities, control gaps, or compliance issues; AND/OR Assessing IT/IS processes (e.g., access control, patch management, incident response, change management, or vulnerability management) using established frameworks to support risk identification and control evaluation; AND/OR Preparing or contributing to technical deliverables (e.g., workpapers, risk assessments, monitoring reports, or findings documentation) that clearly communicate IT/IS risks, trend analysis, control effectiveness, and recommendations to stakeholders. Minimum Qualification EL-13: Applicants must have 52 weeks (one-year) of specialized experience equivalent to the next lower grade level as described below. Experience: I qualify for the EL/GS-13 because I have at least 52 weeks of specialized experience at the EL/GS-12 or equivalent demonstrating work experience with one or more of the statements described below. Examples of specialized experience include: Conducting complex assessments, examinations, audit activities, or ongoing monitoring activities focused on IT and IS risks, including determining scope and methodology, and assessing areas such as IT governance, cybersecurity, vendor management, system development, or business resiliency; AND/OR Serving as a subject matter expert or team leader in evaluating IT or IS management programs, including governance, risk management, and control frameworks, and assessing the effectiveness of IT/IS processes and controls; AND/OR Analyzing complex or emerging IT/IS risks, including evaluating the scope and sufficiency of penetration testing, vulnerability management, patch management, and access controls, and identifying trends, significant deficiencies, and recommending corrective actions; AND/OR Communicating complex technical information, both orally and in writing, to management, stakeholders, or senior officials, clearly articulating IT/IS risks, impacts, and recommendations. Minimum Qualification EL-14: Applicants must have 52 weeks (one-year) of specialized experience equivalent to the next lower grade level as described below. Experience: I qualify for the EL/GS-14 because I have at least 52 weeks of specialized experience at the EL/GS-13 or equivalent demonstrating work experience with one or more of the statements described below. Examples of specialized experience include: Leading or directing highly complex assessments, examinations, audit activities, or ongoing monitoring activities focused on IT and IS risks, including designing risk-based strategies and evaluating areas such as IT governance, cybersecurity programs, vendor management, enterprise architecture, or business continuity; AND/OR Serving as a senior technical authority in evaluating IT/IS management and risk management programs, including assessing how IT/IS risks integrate with broader organizational and business line risks; AND/OR Evaluating and advising on the effectiveness of cybersecurity programs, vulnerability testing, network security, and IT/IS control environments, including identifying trends, systemic issues, and recommending improvements; AND/OR Advising leadership and influencing organizational or program-level strategies, policy development, or regulatory approaches related to IT/IS risk, cybersecurity, or emerging technology risks, including interpreting requirements and guiding responses to complex, sensitive, or high-risk issues. *Audit or safety and soundness examination experience strongly desired. Commissioned examiners strongly encouraged to apply* **Failure to provide your transcripts, when required, for any of the options above will remove you from the hiring process** Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

How to Apply: To apply for this position, you must complete the online application and submit the documentation specified in the "Required Documents" section of this announcement: A complete application package must be submitted by 11:59 PM (EST) on 05/07/2026 to receive consideration (if there is a cap on the number of applications, the announcement may close earlier. If this is the case, be sure to apply as soon as possible). To successfully apply to this announcement, please follow these steps: To begin, click Apply to access the online application. You will need to be logged into your USAJOBS account to apply. If you do not have a USAJOBS account, you will need to create one before beginning the application. Follow the prompts to select your resume and/or other supporting documents to be included with your application package. You will have the opportunity to upload additional documents to include in your application before it is submitted. Your uploaded documents may take several hours to clear the virus scan process. When submitting your documentation, make sure your resume is updated and contains all relevant experience (and dates that the experience was obtained). Ensure that your resume describes experience that is directly related to the Specialized Experience Statements found in the "Qualifications" section of the announcement. After acknowledging you have reviewed your application package, complete the "Include Personal Information" section as you deem appropriate and click to continue with the application process. You will be taken to the online application which you must complete in order to apply for the position. Complete the online application, verify the required documentation is included with your application package, and submit the application. Once you have submitted your application package, write down the announcement number and control number. Please also ensure that you are using a current or relevant email address, so that any communication or updates regarding the announcement can be received. To update your application, including supporting documentation: During the announcement open period, return to your USAJOBS account, find your application record, and click Edit my application. This option will no longer be available once the announcement has closed. To view the announcement status or your application status: Click on this: https://www.usajobs.gov/Help/how-to/application/status/. Your application status page is where you can view your application status, and review your notifications sent by the hiring agency regarding your application. If you are unable to apply online, you must request an alternative application which is available from the Human Resources Office. Please contact Ryan Stanger at ryan.stanger@fhfa.gov or 771-233-7320 to obtain an alternative application.

Application Deadline: 2026-05-07