IT Risk Management Associate

At Freddie Mac our mission of Making Home Possible is what motivates us and its at the core of everything we do. Since our charter in 1970 we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

The Enterprise Operations and Technology (EO&T) Risk Enablement (RE) team provides both proactive and reactive risk management services within the EO&T division at Freddie this position the IT Risk Associate II will be required to drive risk and controls self-assessments (RCSAs) assist with driving the closure of EOT issues maintain the risk and issues related data in GRC tool andprovidegeneralrisk advisory support for assigned EO&T business processes(e.g. End User Services Third-party Risk Mgt Operational Risk and Governance Data Management Operational Resiliency Service Management Methodology Management Change Management Development Management CMDB Management etc.). In addition the IT Risk Associate II will also be encouraged to identify and help the RE team adopt process improvement opportunities.

Do you want to play a meaningful role inimproving EO&Tsdivisional risk profileby helping to ensuredivisionaldepartment andbusiness process-levelIT and Operationalrisks areadequatelyidentifiedmeasured and mitigatedto acceptable levels

As part of the First Line of Defense this individual will work closely with risk partners in the Second and Third Lines of Defense.

Our Impact:

• Partner with key business and risk management subject matter experts (SMEs) to understand and manage risks and controls associated with Technical and Operational processes serving as a liaison for 1LOD.
• Ensuring an accurate and acceptable organizational risk posture; performing assessments on divisional and business process risk and controls advising on effective risk reduction and driving issues to closure.

Your Impact:

• Perform assessments of assigned business process(es) to ensure associated risks are adequately identified measured and mitigated via controls and / or capabilities to acceptable levels.
• Ensure completeness and accuracy of process risk control and issue data within GRC tool for assigned business process(es)
• Assess the quality completeness accuracy and sustainability of issue remediation and supporting evidence.
• Participate in and contribute to stakeholder and audit meetings (e.g. Scheduling meetings managing requests)
• Assist the team in identifying and driving process improvements for enhanced team efficiency and effectivenessincluding enhanced process documentation ensuring processes take a risk-based approach andidentifying /enhancing automationsolutionswhere possible

Qualifications:

• Bachelors Degree in an Information Technology Information Security Data Analysis or Operational Risk Management related field or equivalent and/or 1 years of overall relevant experience
• Experience performing risk assessments and / or issue remediation management
• Experience with or knowledge of basic Enterprise / Operational Risk Management industry best practices (e.g. inherent / residual risk risk mitigation concepts) inclusive of Risk and Controls Self-Assessments (RCSA) is highly desired
• Knowledge of industry Information Security and/or Technology control frameworks to include COBIT NIST ISO or ITIL
• Experience working at an organization within the Financial Industry (preferred)
• Preferred Certifications: CISA CRISC CISM CISSP
• Experience performing testing controls is helpful
• Experience working in Agile environment is helpful

Keys to Success in this Role:

• Demonstrate efficient and effective verbal and written communication and interpersonal skills (e.g. summarize findings and recommendations to key stakeholders)
• Demonstrate intellectual curiosity and professionally challenge assumptions and the status quo (e.g. - trust but verify)
• Ability to resolve standard or routine questions or assignments
• Ability to escalate issues / ask for assistance on tasks that are complicated or complex
• Ability to quickly learn and apply core risk management principles
• Demonstrated ability for self-motivation and passion for process improvement
• Excel in a team environment as well as individually
• Work creatively and analytically in a problem-solving environment
• Commitment to grow and sustain technical knowledge through proactive ongoing research and review of industry publications
• Stay abreast of current industry relevant standards to find opportunities to improve Enterprise Operational and IT Risk Management practices
• Contribute to team growth by leading team trainings and knowledge shares as appropriate

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender race color religion national origin age marital status veteran status sexual orientation gender identity/expression physical and mental disability pregnancy ethnicity genetic information or any other protected categories under applicable federal state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Macs business. This includes employee commitment to our acceptable use policy applying a vigilance-first approach to work supporting regulatory mandates and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more please visit and register with our referral code: MAC.

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.