Third-Party Cybersecurity Risk Assessment Examiner

Freddie MacMcLean, VA
4d$134,000 - $200,000
Match Resume

About The Position

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose. Position Overview: Freddie Mac is seeking an experienced Cybersecurity Risk Assessment Examiner to join the Seller/Servicer Information Security Oversight Team within Third-Party Risk Management. In this role, you will oversee and assess the information security risk management practices of sellers and servicers, ensuring their compliance with Freddie Mac’s standards and relevant regulatory requirements. You will evaluate third-party cybersecurity controls and policies, identify vulnerabilities, and analyze their impact on Freddie Mac’s operations. Leveraging frameworks such as NIST CSF, you will conduct risk assessments, prepare actionable reports, monitor remediation efforts, and collaborate with internal teams to strengthen Freddie Mac’s digital security posture. Our Impact: The Seller/Servicer Information Security Oversight Team plays a critical role in safeguarding Freddie Mac’s data and digital assets. By ensuring that seller and servicer partners adhere to strict information security standards outlined in the Freddie Mac Guide, our team actively monitors, identifies, detects, and responds to cyber threats. We conduct regular vulnerability scans, implement robust risk mitigation strategies, and continuously refine our processes to protect Freddie Mac’s operations and reputation. Your Impact: As a Cybersecurity Risk Assessment Examiner, you will: Identify and analyze potential cybersecurity risks impacting Freddie Mac’s digital assets and business operations.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field
  • 8 - 10 years of experience in cybersecurity auditing, risk assessment, IT security, or risk management; examiner roles in regulated industries may require 5+ years.
  • Strong understanding of risk assessment methodologies and security frameworks (e.g., NIST SP 800-30, ISO 27001, CIS20, GDPR).
  • Experience with vulnerability assessment tools and techniques.
  • Deep technical expertise in network communication, operating systems, security controls, and ethical hacking.
  • Excellent analytical, organizational, and communication skills.
  • Ability to work independently and collaboratively in a fast-paced environment.

Nice To Haves

  • Professional certifications such as CISA, CISSP, CISM, or CRISC preferred.
  • Demonstrate a strong understanding of Third-Party Risk Governance and adapt to evolving organizational needs.
  • Apply analytical rigor to identify, assess, and mitigate information security risks.
  • Communicate findings and recommendations clearly to senior management and external regulators.
  • Collaborate effectively across IT, compliance, and business units to drive security improvements.
  • Maintain up-to-date knowledge of cybersecurity threats, regulatory requirements, and industry best practices.
  • Exhibit initiative, attention to detail, and the ability to manage multiple priorities efficiently.

Responsibilities

  • Conduct thorough risk assessments and audits of third-party information systems, networks, and processes.
  • Assess the effectiveness of technical, physical, and administrative security controls, ensuring alignment with industry standards.
  • Review institutional policies and procedures for compliance with laws, regulations, and frameworks (e.g., FFIEC, NIST, ISO 27001, PCI DSS, HIPAA).
  • Evaluate risks associated with vendors, suppliers, and external partners, supporting third-party risk management.
  • Review the scope and frequency of vulnerability scans and assess the effectiveness of patches and threat detection tools.
  • Test and review incident response plans to ensure the organization can effectively recover from potential breaches.
  • Document findings and prepare comprehensive reports detailing vulnerabilities, risk assessments, and recommended remedial actions for senior management or external regulators.
  • Collaborate with IT, compliance, and business units to address findings and implement mitigation strategies.
  • Assist in developing and refining internal cybersecurity policies, procedures, and risk assessment methodologies.
  • Stay current with emerging cybersecurity threats, trends, and best practices to inform risk assessment processes.

Benefits

  • Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs.
  • This position has an annualized market-based salary range of $134,000 - $200,000 and is eligible to participate in the annual incentive program.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Job Search Resources

Similar Third-Party Cybersecurity Risk Assessment Examiner job opportunities

Third-Party Cybersecurity Risk Assessment Examiner
Freddie Mac
Freddie Mac3d • $134,000 - $200,000
Third-Party Cybersecurity Risk Assessment Examiner
Freddie Mac
Freddie Mac • McLean, VA2d • $134,000 - $200,000
🔥 New JobSenior Cybersecurity Third-Party Risk Analyst
Boeing
Boeing • Denver, CO1d • Hybrid
🔥 New JobCybersecurity Third-Party Risk Management Consultant
Guidehouse
Guidehouse • Bethesda, MD4d • $85,000 - $141,000
🔥 New JobSenior Cybersecurity Third-Party Risk Analyst
Boeing
Boeing • Denver, CO1d • Remote
🔥 New JobMgr/Third-Party Risk
UMB Bank
UMB Bank • Kansas City, MO1d
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service