Freddie Mac - McLean, VA

posted 5 months ago

Full-time - Mid Level
McLean, VA
Credit Intermediation and Related Activities

About the position

At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation. This position offers an exciting career opportunity that allows you to engage in rewarding work with the newest technologies while growing your cybersecurity and risk management skillsets. The role can be performed remotely within the U.S., provided you are within a 2-hour time zone differential from EST. Travel is expected approximately once per quarter to HQ in McLean, VA, if working remotely. As part of Freddie Mac's Enterprise Risk Management (ERM), the Information Risk Management Team provides second-line oversight of the company's Cybersecurity and Identity Access Management (IAM) programs. We are looking for a team member to support the development, validation, and monitoring of cybersecurity capabilities. As a subject matter expert in the Cybersecurity risk domain, you will provide oversight and challenge functions for the Information Security programs of the IT division and other lines of business. This includes reviewing Information Security operations, solutions, and architecture to identify risks, evaluate the effectiveness and completeness of cybersecurity capabilities, and report findings for enhancement and opportunities. You will enhance and mature Risk Management practices by supporting the development of enterprise-wide cybersecurity policies and standards. Additionally, you will provide oversight and advisory services to first-line partners regarding the application of standard requirements across a wide variety of technologies to manage risk. Your role will also involve supporting the development and execution of controls to monitor cybersecurity compliance and drive organizational change, as well as developing effective and measurable metrics (KRI, KPI, and KCI) to analyze data and proactively identify trends or new/emerging risks. 
You will execute risk analytics and reporting, provide advisory consultation to lines of business, and make course of action recommendations to manage risk. In terms of oversight, you will effectively challenge our first line of defense technology teams while collaborating with the third line (Internal Audit) and internal second-line partners. You will collaborate with key risk areas, business partners, and IT counterparts to design action plans to address Cybersecurity and IAM risk. Autonomously leading program execution with documented project plans, expectations, and schedules will be part of your responsibilities, along with providing status reports, escalation, and impediment resolution when needed. You will also support the Director in leading and managing the team, mentoring and guiding team members.

Responsibilities

  • Provide oversight and challenge function for the Information Security programs of the IT division and other lines of business.
  • Review Information Security operations, solutions, and architecture to identify risks and evaluate effectiveness.
  • Enhance and mature Risk Management practices by supporting the development of enterprise-wide cybersecurity policies and standards.
  • Provide oversight and advisory services to first-line partners regarding standard requirements across various technologies.
  • Support the development and execution of controls to monitor cybersecurity compliance and drive organizational change.
  • Develop effective and measurable metrics (KRI, KPI, KCI) to analyze data and proactively identify trends or new/emerging risks.
  • Execute risk analytics and reporting.
  • Provide advisory consultation to lines of business and make recommendations to manage risk.
  • Effectively challenge first line of defense technology teams while collaborating with the third line (Internal Audit).
  • Collaborate with key risk areas, business partners, and IT counterparts to design action plans to address Cybersecurity and IAM risk.
  • Lead program execution with documented project plans, expectations, and schedules.
  • Provide status reports, escalation, and impediment resolution when needed.
  • Support the Director in leading and managing the team; mentor and guide team members.

Requirements

  • Bachelor's Degree and 8+ years working in and/or auditing IT security areas such as penetration testing, operations, threat intelligence, monitoring, vulnerability management, identity access management, Keys and Certificate Management, or security engineering in large enterprises.
  • Formal Big 4 Cybersecurity Risk Consulting or Audit experience preferred.
  • Some industry-leading Certifications preferred: CISSP, CISA, CRISC, CISM, CEH, and/or CIPT.
  • Prior experience in Cybersecurity Operational Risk Management, supporting the CISO in deployment and sustainment of cybersecurity capabilities, and previous Big Four experience preferred.
  • Knowledge of and experience with cloud migration, AI, security, and access management preferred.
  • Demonstrate proficiencies in stated cybersecurity domains.
  • Working knowledge of industry security standards and guidance such as NIST or ISO.
  • Capable of working independently and with a collaborative team.
  • Effective verbal, written, and interpersonal communication skills with strong attention to detail.

Nice-to-haves

  • Experience with IT, privacy data, and management practices/processes.
  • Self-motivated, proactive, and results-oriented problem solver; able to prioritize without heavy supervision.

Benefits

  • Competitive compensation
  • Market-leading benefit programs
  • Annual incentive program eligibility
  • Comprehensive total rewards package