Operational Risk Business Lead (SFPS Cybersecurity)

At Freddie Mac our mission of Making Home Possible is what motivates us and its at the core of everything we do. Since our charter in 1970 we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

The Operational Risk Business Lead is a critical member of Single-Family Portfolio & Servicings Crisis Response & Cyber Risk (SF-CR2) Team serves as a cybersecurity subject matter expert with deep expertise in the application of intelligence as a matter of informing risk mitigation. You will apply that expertise in collaboration with team members and stakeholders to enhance Single-Familys (SF) cybersecurity risk management practices and processes.

You will manage initiatives to build enhance and implement cybersecurity processes focused on reducing SF business risk by enhancing cyber risk monitoring analyzing existing and future trends and informing risk strategies for future threats. You will define and socialize changes to cybersecurity requirements collaborate with corporate risk oversight groups to establish implementation guidance and prepare and conduct training for SF business areas. Responsibilities also include leading the SF divisions alignment with the NIST Framework applicable corporate policies/standards/directives as well as regulatory requirements performing risk assessments creating and reporting metrics and preparing various and ad hoc reports for senior department/divisional leadership as well as our regulator. This lead role must be a strategic thought leader overseeing and implementing industry standard best practices applicable to the Freddie Macs environment.

Our Impact:

We tackle complex challenges and promote assurance within the division and among our enterprise partners. We advance the core disciplines of risk response and assurance catalyze a collaborative culture of cyber risk reduction and help challenge assumptions align with standards evaluate threats respond to incidents and prepare for the unexpected.

Your Impact:

• Establish relationships with information security and risk management teams becoming a trusted adviser for cybersecurity risk control and reporting challenges

• Maintain a comprehensive understanding of the firms information security processes and controls and consult process owners as new initiatives risks threats control activities and issues emerge

• Align and implement enterprise cybersecurity requirements for the division by working with Enterprise Ops & Tech and business stakeholders to analyze changes assess impact refine implementation approach and establish compliance reporting

• Lead engagements and presentations on top risks trends and internal controls for senior department/divisional leadership risk oversight and cross-business consumption

• Work independently or in collaboration with other stakeholder teams to ensure work is completed on time and aligned with professional standards

• Leverage data analytics and automation knowledge to enhance current cybersecurity requirements and reporting processes

Qualifications:

• Bachelors Degree or equivalent with 8-10 years of relevant work experience; experience must include a minimum of 5 years in cybersecurity risk management

• Previous formal cyber threat intelligence experience is preferred

• Extensive knowledge of cybersecurity frameworks (NIST ISO etc.)

• Security certifications such as GCTI CTIA and CySA are desired. Additional certifications such as CISA CRISC or CISSP are helpful

• Extensive knowledge of cybersecurity threats vulnerabilities and best practices for risk management

• Critical thinking and business risk analysis skills

• Relevant degree in Management Information Systems Cybersecurity Risk Management Business Administration with an emphasis in Technology Computer Science Accounting Information Systems or related discipline

Keys to Success in this Role:

• Curiosity critical thinking and problem-solving skills

• Ability to deep dive into cybersecurity processes to identify and mitigate risks

• Desire to collaborate with stakeholders from many IT cybersecurity and risk management disciplines

• Excellent professional writing skills and verbal communications to executive leadership

• Ability to convey technical information to all groups and individuals concisely and clearly both verbally and in writing to individuals with varying technical experience

• Ability to work well under minimal supervision while maintaining calmness and clarity under pressure

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender race color religion national origin age marital status veteran status sexual orientation gender identity/expression physical and mental disability pregnancy ethnicity genetic information or any other protected categories under applicable federal state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Macs business. This includes employee commitment to our acceptable use policy applying a vigilance-first approach to work supporting regulatory mandates and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more please visit and register with our referral code: MAC.

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.