As a valued individual contributor to our team, you will advise the information security team underneath the CISO by assessing and identifying potential cyber risks that may threaten our reputation, safety, security, and/or financial success, as well as work with executive management and team members in communicating and collaborating with key stakeholders across the enterprise. Risk assessment results will be documented in detailed reports and will result in potential issues or recommendations delivered to the CISO team.
THE IMPACT YOU WILL MAKE
The Enterprise Operational Risk - Risk Management - Advisor role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:
- Advise management on the impact of proposed risks to the enterprise and recommend updates and changes.
- Recommend changes and updates to management about processes to reduce risk using rigorous data-driven analysis.
- Evaluate and advise on the impact of Cybersecurity risks related to cyber incident management, vulnerability management, cloud security, IT security architecture, secure development operations, infrastructure security and application security, with a keen focus on Fannie Mae’s digital transformation.
- Leverage knowledge of the mortgage and/or financial services industry, technologies, and product types to actively identify, assess, respond to and escalate Cybersecurity risks.
- Inform, review, and challenge (as needed) Cybersecurity policies, standards and procedures to maximize efficiency and minimize risk exposure.
- Partner with risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies such as risk appetite and risk and control self-assessments (RCSA).
- Comprehensively assess risks and gather insights from issues and events across relevant business areas to provide an aggregated risk assessment.
- Work with the first line to define, establish and refresh risk metrics and indicators for effective continuous monitoring of Cybersecurity risk against Fannie Mae’s risk appetite.
- Contribute to monthly risk appetite reporting for Management-Level Committee and Board materials by developing and presenting risk perspectives on changing or out-of-appetite risk profiles for senior management audiences.
THE EXPERIENCE YOU BRING TO THE TEAM
Minimum Required Experiences
Desired Experiences
- Bachelor's degree or equivalent
- 8-10 years of Cybersecurity Risk Management experience in an oversight role.
Skills
- Certified Information Systems Security Professional (CISSP) required
- Additional certifications such as CRISC, CGEIT, CISA a plus
- Strong Cybersecurity operations and risk management knowledge/skills in disciplines such as incident management/response, vulnerability management, cloud security, IT security architecture, secure development operations, infrastructure security and application security
- Strong working knowledge of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST 800-53, CIS 18 critical security controls, ISO27001 and other leading Cybersecurity risk management frameworks
- Demonstrated ability to function in a similar 2nd line or oversight role within a large and complex organization
- Excellent communication, teamwork, and relationship management skills
- Excellent project management skills; self-motivated
- Risk Assessment and Management skills including evaluating and designing controls, conducting impact assessments, identifying control gaps, remediating risk, etc.
- Experience helping an organization to plan and manage change in an effort to meet strategic objectives
- Skilled in presenting information and/or ideas to an audience in a way that is engaging and easy to understand
- Experience gathering accurate information to explain concepts and answer critical questions
- Governance and Compliance skills including creating policies, evaluating compliance, conducting internal investigations, developing data governance, etc.
- Influencing skills including negotiating, persuading others, facilitating meetings, and resolving conflict
Tools:
- Experience with FAIR (Factor Analysis of Information Risk) a plus
- Experience working with GRC tools such as MetricStream, ServiceNow, a plus
- Experience using Risk Works
- Experience using SharePoint
- Skilled in Excel
- Skilled in Visio
- Skilled in PowerPoint
Reference Identification#: REF13377Y
The future is what you make it to be. Discover compelling opportunities at careers.fanniemae.com.
Fannie Mae is a flexible hybrid company. We embrace flexibility for our employees to work where they choose, while also providing office space for in-person work if desired. At times, business need may call for on-site collaboration, which means proximity within a reasonable commute to your designated office location is preferred unless the job is noted as open to remote.
Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at [email protected].
The hiring range for this role is set forth on each of our job postings located on Fannie Mae's Career Site. Final salaries will generally vary within that range based on factors that include, but are not limited to, skill set, depth of experience, certifications, and other relevant qualifications. This position is eligible to participate in a Fannie Mae incentive program (subject to the terms of the program). As part of our comprehensive benefits package, Fannie Mae offers a broad range of Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee’s physical, mental, emotional, and financial well-being.