• As a subject matter expert of the Cybersecurity risk domain, provide oversight and challenge function for the Information Security programs of the IT division and other lines of business
• Review the Information Security operations, solutions and architecture to identify risks, evaluate effectiveness and completeness of the cybersecurity capabilities and report the findings for enhancement and opportunities
• Enhance and mature Risk Management practices by supporting the development of enterprise-wide cybersecurity policies and standards
• Provide oversight and advisory services to1st line partners regarding the application of standard requirements across a wide variety of technologies to manage risk
• Support the development and execution of controls to monitor cybersecurity compliance and drive organizational change
• Develop effective and measurable metrics (KRI, KPI and KCI) to analyze data and proactively identify trends or new/emerging risks
• Execute risk analytics and reporting
• Provide advisory consultation to lines of businesses and make course of action recommendations to manage risk

​

Oversight

​

• Effectively challenge our 1st line of defense technology teams while collaborating with the 3rd line (Internal Audit) and internal 2nd line partners.
• Collaborate with key risk areas, business partners, and IT counterparts to design action plans to address Cybersecurity and IAM risk
• Autonomously lead program execution with documented project plans, expectations and schedule
• Provide status reports, escalation and impediment resolution when needed
• Support the Director and managers in leading and managing the team

Required Qualifications:

​

• Bachelor’s Degree and minimum of 2-5 years related experience working in and/or auditing IT security areas such as penetration testing, operations, threat intelligence, monitoring, vulnerability management, identity access management, Keys and Certificate Management or security engineering in large enterprises
• Demonstrate proficiencies in above stated cybersecurity domains
• Working knowledge of industry security standards and guidance such as NIST or ISO
• Capable of working independently and with a collaborative team
• Deliver effective verbal, written and interpersonal communication skills with strong attention to detail

​

Preferred Qualifications:

​

• Formal big 4 Cybersecurity Risk Consulting, Audit or Assurance experience preferred
• Some industry leading Certifications preferred: CISSP, CISA, CRISC, CISM, CEH, and/or CIPT
• Prior experience in Cybersecurity Operational Risk Management, supporting CISO in deployment and sustainment of cybersecurity capabilities, and previous big four experience preferred
• Knowledge of cloud migration, AI, security and access management experience preferred

A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

​

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

​

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

​

Time-type: Full time

​

FLSA Status: Exempt

​

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

​

This position has an annualized market-based salary range of $85,000 - $127,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.