Operational Risk Business Lead (SFPS Cybersecurity)

Freddie Mac•McLean, VA

6d•$121,000 - $181,000

About The Position

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose. Position Overview: The Operational Risk Business Lead is a critical member of Single-Family Portfolio & Servicing’s Crisis Response & Cyber Risk (SF-CR2) Team, serves as a cybersecurity subject matter expert with deep expertise in the application of intelligence as a matter of informing risk mitigation. You will apply that expertise in collaboration with team members and stakeholders to enhance Single-Family’s (SF) cybersecurity risk management practices and processes. You will manage initiatives to build, enhance, and implement cybersecurity processes focused on reducing SF business risk by enhancing cyber risk monitoring, analyzing existing and future trends, and informing risk strategies for future threats. You will define and socialize changes to cybersecurity requirements, collaborate with corporate risk oversight groups to establish implementation guidance, and prepare and conduct training for SF business areas. Responsibilities also include, leading the SF division’s alignment with the NIST Framework, applicable corporate policies/standards/directives as well as regulatory requirements, performing risk assessments, creating and reporting metrics and preparing various and ad hoc reports for senior department/divisional leadership as well as our regulator. This lead role must be a strategic, thought leader, overseeing, and implementing industry standard best practices applicable to the Freddie Mac’s environment. Our Impact: We tackle complex challenges and promote assurance within the division and among our enterprise partners. We advance the core disciplines of risk, response, and assurance, catalyze a collaborative culture of cyber risk reduction, and help challenge assumptions, align with standards, evaluate threats, respond to incidents, and prepare for the unexpected.

Requirements

Bachelor's Degree or equivalent with 8-10+ years of relevant work experience; experience must include a minimum of 5 years in cybersecurity risk management
Extensive knowledge of cybersecurity frameworks (NIST, ISO, etc.)
Extensive knowledge of cybersecurity threats, vulnerabilities, and best practices for risk management
Critical thinking and business risk analysis skills
Relevant degree in Management Information Systems, Cybersecurity Risk Management, Business Administration with an emphasis in Technology, Computer Science, Accounting Information Systems or related discipline
Curiosity, critical thinking, and problem-solving skills
Ability to deep dive into cybersecurity processes to identify and mitigate risks
Desire to collaborate with stakeholders from many IT, cybersecurity and risk management disciplines
Excellent professional writing skills and verbal communications to executive leadership
Ability to convey technical information to all groups and individuals concisely and clearly both verbally and in writing to individuals with varying technical experience
Ability to work well under minimal supervision, while maintaining calmness and clarity under pressure

Nice To Haves

Previous formal cyber threat intelligence experience is preferred
Security certifications such as GCTI, CTIA, and CySA+ are desired.
Additional certifications such as CISA, CRISC, or CISSP are helpful

Responsibilities

Establish relationships with information security and risk management teams, becoming a trusted adviser for cybersecurity risk, control and reporting challenges
Maintain a comprehensive understanding of the firm’s information security processes and controls, and consult process owners as new initiatives, risks, threats, control activities, and issues emerge
Align and implement enterprise cybersecurity requirements for the division by working with Enterprise Ops & Tech, and business stakeholders to analyze changes, assess impact, refine implementation approach, and establish compliance reporting
Lead engagements and presentations on top risks, trends and internal controls for senior department/divisional leadership, risk oversight, and cross-business consumption
Work independently or in collaboration with other stakeholder teams to ensure work is completed on time and aligned with professional standards
Leverage data analytics and automation knowledge to enhance current cybersecurity requirements and reporting processes

Benefits

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs.
Information on these benefit programs is available on our Careers site.
This position has an annualized market-based salary range of $121,000 - $181,000 and is eligible to participate in the annual incentive program.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume