Operational Risk Business Lead (SFPS Cybersecurity)

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

The Operational Risk Business Lead is a critical member of Single-Family Portfolio & Servicing’s Crisis Response & Cyber Risk (SF-CR2) Team, serves as a cybersecurity subject matter expert with deep expertise in the application of intelligence as a matter of informing risk mitigation. You will apply that expertise in collaboration with team members and stakeholders to enhance Single-Family’s (SF) cybersecurity risk management practices and processes.

You will manage initiatives to build, enhance, and implement cybersecurity processes focused on reducing SF business risk by enhancing cyber risk monitoring, analyzing existing and future trends, and informing risk strategies for future threats. You will define and socialize changes to cybersecurity requirements, collaborate with corporate risk oversight groups to establish implementation guidance, and prepare and conduct training for SF business areas. Responsibilities also include, leading the SF division’s alignment with the NIST Framework, applicable corporate policies/standards/directives as well as regulatory requirements, performing risk assessments, creating and reporting metrics and preparing various and ad hoc reports for senior department/divisional leadership as well as our regulator. This lead role must be a strategic, thought leader, overseeing, and implementing industry standard best practices applicable to the Freddie Mac’s environment.

Our Impact:

We tackle complex challenges and promote assurance within the division and among our enterprise partners. We advance the core disciplines of risk, response, and assurance, catalyze a collaborative culture of cyber risk reduction, and help challenge assumptions, align with standards, evaluate threats, respond to incidents, and prepare for the unexpected.

Your Impact:

• Establish relationships with information security and risk management teams, becoming a trusted adviser for cybersecurity risk, control and reporting challenges

• Maintain a comprehensive understanding of the firm’s information security processes and controls, and consult process owners as new initiatives, risks, threats, control activities, and issues emerge

• Align and implement enterprise cybersecurity requirements for the division by working with Enterprise Ops & Tech, and business stakeholders to analyze changes, assess impact, refine implementation approach, and establish compliance reporting

• Lead engagements and presentations on top risks, trends and internal controls for senior department/divisional leadership, risk oversight, and cross-business consumption

• Work independently or in collaboration with other stakeholder teams to ensure work is completed on time and aligned with professional standards

• Leverage data analytics and automation knowledge to enhance current cybersecurity requirements and reporting processes

Qualifications:

• Bachelor's Degree or equivalent with 8-10+ years of relevant work experience; experience must include a minimum of 5 years in cybersecurity risk management

• Previous formal cyber threat intelligence experience is preferred

• Extensive knowledge of cybersecurity frameworks (NIST, ISO, etc.)

• Security certifications such as GCTI, CTIA, and CySA+ are desired. Additional certifications such as CISA, CRISC, or CISSP are helpful

• Extensive knowledge of cybersecurity threats, vulnerabilities, and best practices for risk management

• Critical thinking and business risk analysis skills

• Relevant degree in Management Information Systems, Cybersecurity Risk Management, Business Administration with an emphasis in Technology, Computer Science, Accounting Information Systems or related discipline

Keys to Success in this Role:

• Curiosity, critical thinking, and problem-solving skills

• Ability to deep dive into cybersecurity processes to identify and mitigate risks

• Desire to collaborate with stakeholders from many IT, cybersecurity and risk management disciplines

• Excellent professional writing skills and verbal communications to executive leadership

• Ability to convey technical information to all groups and individuals concisely and clearly both verbally and in writing to individuals with varying technical experience

• Ability to work well under minimal supervision, while maintaining calmness and clarity under pressure

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants:  Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

Time-type:Full time

FLSA Status:Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

This position has an annualized market-based salary range of $121,000 - $181,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.