Business Lead For Third Party Risk Governance (TPRG) Information Security (Cyber)
At Freddie Mac, our mission of Making Home Possible is what motivates us, and it's at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.
Freddie Mac is seeking an experienced Business Lead to join our Third Party Risk Governance (TPRG) Information Security (Cyber) team. Your role will be vital in identifying potential risks and ensuring that effective mitigation strategies are in place. If you have a strong foundation in risk management and cybersecurity, and are committed to protecting organizations from threats, we invite you to apply for this critical role at Freddie Mac.
The Seller/Servicer Information Security Oversight Team, within Third-Party Risk Management, is responsible for monitoring the information security standards of seller/servicers to ensure the safeguarding of Freddie Mac's data in alignment with the Freddie Mac Guide. Our team of cyber risk specialists is actively involved in monitoring, identifying, detecting, and responding to cyber threats. Through regular vulnerability scans, they work diligently to mitigate information security risks to Freddie Mac.
As a Business Lead, you will play a key role in enhancing our oversight of third-party risk management. Your responsibilities will include:
- Leading initiatives to conduct thorough cybersecurity risk assessments.
- Applying the Cybersecurity Framework (CSF) to structure and improve our risk management processes.
- Collaborating with various stakeholders to identify and assess potential information security risks.
- Developing and implementing strategic plans to effectively mitigate identified risks.
- Ensuring the continuous improvement of our cybersecurity posture through proactive risk management and oversight.
- Conducting comprehensive Information Security risk reviews and interviews with seller/servicers as part of the annual Consolidated Origination and Risk Evaluation (CORE) review.
Qualifications:
- 8+ years of experience in risk management, internal controls, audit, or compliance, preferably within financial services or mortgage operations.
- 8 to 10 years of experience in cybersecurity or cyber risk management, with a focus on highly regulated industries.
- Bachelor's degree in computer science, engineering, or a related field, or equivalent work experience, preferred.
- Proficiency in performing risk analyses, vulnerability assessments, and threat modeling.
- Proven track record of leading risk assessment and controls initiatives across business functions.
- Proven experience engaging with senior leadership to understand and align with strategic goals.
- Experience in IT governance, risk, and controls, including familiarity with frameworks such as COBIT, FFIEC, ISO 2700x, and NIST.
- Strong analytical and problem-solving skills.
- Excellent communication skills for articulating technical risks to non-technical audiences.
- In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001.
- Industry certifications such as Sec+, SSCP, GSEC or C|EH, preferred.
Keys to Success:
- Significant understanding of the Third-Party Risk Governance process.
- Ability to perform additional duties as assigned to support the organization's evolving needs.
- Strong analytical and problem-solving skills.
- Excellent communication skills for articulating technical risks to non-technical audiences.
- In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001.
- Possess a deep understanding of NIST standards and evaluate seller/servicers' compliance with the Freddie Mac Guide.
- Identify and assess potential risks and vulnerabilities to our systems and data posed by third parties, utilizing approved monitoring tools.
- Conduct thorough risk assessments, analyze potential threats, and evaluate third-party information security processes and procedures.
- Identify associated risks and provide a comprehensive risk assessment with supporting evidence.
Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.