Cybersecurity Risk Senior (Hybrid or Remote Work)

About the position

At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation. Are you passionate about cybersecurity and technical risk? We can offer an exciting career opportunity that allows you to do rewarding work with the newest technologies, while growing your cybersecurity and risk management skillsets! This position can be performed from a Remote Location in the U.S., but must be within a 2-hr time zone differential from EST. Travel expected approximately once per quarter to HQ in McLean, VA, if Remote.

Responsibilities

• Provide oversight and challenge function for the Information Security programs of the IT division and other lines of business.
• Review the Information Security operations, solutions and architecture to identify risks, evaluate effectiveness and completeness of the cybersecurity capabilities and report the findings for enhancement and opportunities.
• Enhance and mature Risk Management practices by supporting the development of enterprise-wide cybersecurity policies and standards.
• Provide oversight and advisory services to 1st line partners regarding the application of standard requirements across a wide variety of technologies to manage risk.
• Support the development and execution of controls to monitor cybersecurity compliance and drive organizational change.
• Develop effective and measurable metrics (KRI, KPI and KCI) to analyze data and proactively identify trends or new/emerging risks.
• Execute risk analytics and reporting.
• Provide advisory consultation to lines of businesses and make course of action recommendations to manage risk.
• Effectively challenge our 1st line of defense technology teams while collaborating with the 3rd line (Internal Audit) and internal 2nd line partners.
• Collaborate with key risk areas, business partners, and IT counterparts to design action plans to address Cybersecurity and IAM risk.
• Autonomously lead program execution with documented project plans, expectations and schedule.
• Provide status reports, escalation and impediment resolution when needed.
• Support the Director and managers in leading and managing the team.

Requirements

• Bachelor's Degree and 5+ year working in and/or auditing IT security areas such as penetration testing, operations, threat intelligence, monitoring, vulnerability management, identity access management, Keys and Certificate Management or security engineering in large enterprises.
• Formal big 4 Cybersecurity Risk Consulting, Audit or Assurance experience preferred.
• Some industry leading Certifications preferred: CISSP, CISA, CRISC, CISM, CEH, and/or CIPT.
• Prior experience in Cybersecurity Operational Risk Management, supporting CISO in deployment and sustainment of cybersecurity capabilities, and previous big four experience preferred.
• Knowledge of cloud migration, AI, security and access management experience preferred.
• Demonstrate proficiencies in above stated cybersecurity domains.
• Working knowledge of industry security standards and guidance such as NIST or ISO.
• Capable of working independently and with a collaborative team.
• Deliver effective verbal, written and interpersonal communication skills with strong attention to detail.

Nice-to-haves

• Demonstrable experience with IT, privacy data and management practices/processes.
• Self-motivated, pro-active and results oriented problem solver; able to prioritize without heavy supervision.

Benefits

• Competitive compensation and market-leading benefit programs.
• Annual incentive program eligibility.