Seller/Servicer Information Security Risk Oversight Tech Lead
About The Position
At Freddie Mac, our mission of Making Home Possible is what motivates us, and it's at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose. Position Overview: Freddie Mac is seeking an experienced Business Lead to join our Third Party Risk Governance (TPRG) Information Security (Cyber) team. Your role will be vital in identifying potential risks and ensuring that effective mitigation strategies are in place. If you have a strong foundation in risk management and cybersecurity, and are committed to protecting organizations from threats, we invite you to apply for this critical role at Freddie Mac. Our Impact: The Seller/Servicer Information Security Oversight Team, within Third-Party Risk Management, is responsible for monitoring the information security standards of seller/servicers to ensure the safeguarding of Freddie Mac's data in alignment with the Freddie Mac Guide. Our team of cyber risk specialists is actively involved in monitoring, identifying, detecting, and responding to cyber threats. Through regular vulnerability scans, they work diligently to mitigate information security risks to Freddie Mac. Your Impact: As a Business Lead, you will play a key role in enhancing our oversight of third-party risk management. Your responsibilities will include: Leading initiatives to conduct thorough cybersecurity risk assessments. Applying the Cybersecurity Framework (CSF) to structure and improve our risk management processes. Collaborating with various stakeholders to identify and assess potential information security risks. Developing and implementing strategic plans to effectively mitigate identified risks. Ensuring the continuous improvement of our cybersecurity posture through proactive risk management and oversight. Conducting comprehensive Information Security risk reviews and interviews with seller/servicers as part of the annual Consolidated Origination and Risk Evaluation (CORE) review. Analyzing findings from these reviews and developing a detailed risk assessment, backed by supporting evidence.
Requirements
- 8+ years of experience in risk management, internal controls, audit, or compliance, preferably within financial services or mortgage operations
- 8 to 10 years of experience in cybersecurity or cyber risk management, with a focus on highly regulated industries.
- Bachelor's degree in computer science, engineering, or a related field, or equivalent work experience, preferred.
- Proficiency in performing risk analyses, vulnerability assessments, and threat modeling.
- Proven track record of leading risk assessment and controls initiatives across business functions
- Proven experience engaging with senior leadership to understand and align with strategic goals.
- Experience in IT governance, risk, and controls, including familiarity with frameworks such as COBIT, FFIEC, ISO 2700x, and NIST.
- Strong analytical and problem-solving skills.
- Excellent communication skills for articulating technical risks to non-technical audiences.
- In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001
- Significant understanding of the Third-Party Risk Governance process
- Ability to perform additional duties as assigned to support the organization's evolving needs.
Nice To Haves
- Industry certifications such as Sec+, SSCP, GSEC or C|EH, preferred
Responsibilities
- Leading initiatives to conduct thorough cybersecurity risk assessments.
- Applying the Cybersecurity Framework (CSF) to structure and improve our risk management processes.
- Collaborating with various stakeholders to identify and assess potential information security risks.
- Developing and implementing strategic plans to effectively mitigate identified risks.
- Ensuring the continuous improvement of our cybersecurity posture through proactive risk management and oversight.
- Conducting comprehensive Information Security risk reviews and interviews with seller/servicers as part of the annual Consolidated Origination and Risk Evaluation (CORE) review.
- Analyzing findings from these reviews and developing a detailed risk assessment, backed by supporting evidence.
- Possess a deep understanding of NIST standards and evaluate seller/servicers' compliance with the Freddie Mac Guide.
- Identify and assess potential risks and vulnerabilities to our systems and data posed by third parties, utilizing approved monitoring tools.
- Conduct thorough risk assessments, analyze potential threats, and evaluate third-party information security processes and procedures.
- Identify associated risks and provide a comprehensive risk assessment with supporting evidence.
Benefits
- Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Industry
Credit Intermediation and Related Activities
Number of Employees
5,001-10,000 employees
