IS Governance Tech Lead

Employer: Freddie Mac
Location: Reston, VA
Salary: Competitive
Posted: Feb 22, 2019
Closes: May 10, 2019
Ref: 11204BR
Function: IT
Hours: Full Time

The InfoSec Governance Tech Lead drives risk reduction and maturity of InfoSec programs. The ideal candidate will have both technical skills (controls implementation and testing, risk management) and soft skills (communication, coalition building) as well as the confidence and experience to independently drive change and innovative approaches to risk reduction.

Your Work Falls into Two Primary Categories:

Issue Lifecycle Management
  • Independently lead:
    • Risk reduction activities
    • Issue remediation projects (in coordination with key stakeholders)
  • Serve as the organization spokesperson on specialized projects or programs
  • Plan and manage simultaneous technical and/or risk reduction projects
  • Support issue lifecycle management using risk assessments to determine severity of issues, partnering with process owners for the timely development of remediation action plans, documenting closure packages and providing oversight during ongoing remediation efforts
  • Partner with the IT Risk Management team and liaise with 2nd and 3rd lines of defense, maintaining excellent relationships and providing transparency of information systems and security programs
  • Coordinate and track InfoSec related audits including scope of audits, timelines, outcomes, and evidence gathering
  • Knowledge of systems development lifecycle (SDLC)
  • Ability to create and/or drive project schedule development, including task definition, duration, and resource estimates, work breakdown schedule, contingency planning
  • Experience working with project management methodology including budget development, project planning, control and assurance methodologies, project management software and finance and accounting concepts and practices
  • Provide guidance, evaluation, and advocacy on audit responses

Governance & InfoSec Maturity
  • Independently lead controls implementation / testing activities related to InfoSec program (including but not limited to patch management, anti-virus program, vulnerability detection, threat analysis & response, network intrusion & response, security incident response and escalation / crisis management)
  • Serve as the organization spokesperson on specialized projects or programs
  • Develop, administer and train on InfoSec governance processes as described in the InfoSec Strategy
  • Develop, implement and manage controls framework elements supporting InfoSec governance
  • Support the enhancement of the current set of InfoSec risks & controls in alignment with the Cyber Capability Model and IT Risk Management Framework
  • Create, update, and train on InfoSec Directives ensuring alignment with Corporate policies and standards
  • Plan and manage simultaneous technical and/or risk reduction projects
  • Advise InfoSec management on:
    • Quarterly risk assessments
    • Identification and logging of emerging risks
    • Assessing and implementing changes to processes, risks & controls
  • Advise InfoSec Management on mitigating risks associated with InfoSec maturity assessments


Qualifications

  • Typically has 8-10 years' experience.
  • Master's degree in computer science, information systems or related field is desired.
  • CISM, COSO certification/training, CISSP, or related.
  • Knowledge and experience with risk management processes, techniques, and tools (e.g., risk qualification and analysis, risk metrics and thresholds, providing management responses) preferably in the Financial Services Industry.
  • Excellent written and verbal communications skills. Strong presence and ability to communicate effectively with all stakeholders (senior executives, business leaders, engineers, and end users) on topics ranging from governance and controls implementation to risk management.
  • Ability to work collaboratively and to establish credibility and working relationships within the division and the corporation, with stakeholders and partners, to ensure a shared outcome.
  • Project management methodology including budget development, project planning, control and assurance methodologies, project management software and finance and accounting concepts and practices.

Keys to Success:
  • Building relationships and collaborations with key stakeholders
  • Clearly communicating and managing timelines and expectations
  • Thorough understanding of InfoSec controls and risk management strategies

Top 3 Personal Competencies:
  • Leadership - Set and execute upon a clear vision, strategy, and/or goals
  • Drive for Execution - Treat obstacles as challenges to overcome, not excuses
  • Customer Focus (Internal and External) - Deliver prompt and high-quality customer service


Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you'll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.
