Cyber Security & IT Operations Manager (SME)

Freddie Mac
McLean, VA
Jul 19, 2019
Jul 23, 2019
Audit and Tax
Full Time
Are you passionate about cyber security? Do you love to deep dive complex technologies and help your company better manage risks? Does it excite you to roll-up-your-sleeves and deliver results in a highly collaborative and agile environment? Do you enjoy doing research on new technologies and helping other people understand them? If so, we are your next destination employer! Apply to be part of our team of highly experienced auditors and technical experts who help Freddie Mac make home possible through independent assurance, advice, and insight!

As an IT Audit Manager (SME-IT), your work falls into three categories:

Audit/Project Execution
  • Work with audit teams to provide input to and challenge the scope of cyber risk related work.
  • Help audit teams identify appreciate review and testing procedures to effectively test whether cyber risk related controls are in place.
  • Lead discovery and walk through meetings with the Information Technology and Information Security teams to understand and evaluate cyber risk related controls in Freddie Mac's IT environment.
  • Provide input to and/or perform cyber risk-based assessments of shared infrastructure and / or business owned applications.
  • Based on the work performed, identify strategic, business focused issues related to cyber risk.
  • Build strong relationships with leaders across the First and Second Lines of Defense to enable strong collaboration, while maintaining Internal Audit's independence.
  • May be tasked with leading, or participating in, specific risk assessment initiatives, firm-wide process change initiatives, conducting special investigations, or performing on going monitoring.
  • Perform and document work in accordance with Internal Audit standards.

Conduct Research and Provide Training
  • Maintain and grow technical knowledge through ongoing research and review of industry publications.
  • Monitor external trends and perform research to provide consultative advice to audit, business and IT management on current or emerging cyber security risk, control and governance matters.
  • Conduct internal training sessions to help other audit teams understand cyber risk and information technology concepts.

People Management
  • Be the manager of choice and role model for your team
  • Regularly evaluate employees and offer candid feedback
  • Help team members develop and achieve professional goals
  • Participate n the recruiting process


  • Minimum of 8 years working experience. Experience must include a minimum of:
    • 4 years working in IT operations or IT security areas such as application security, penetration testing, forensics, threat management, security engineering, system security assessments, and/or public cloud environments.
    • 2 years working experience with common standards such as ISO 270001, ISO 20000, NIST 800-53, OWASP, and/or ITIL
  • Bachelor's degree in in Cyber Security, Cyber Risk, Management Information Systems, Computer Science, Engineering, or Math
  • CISA or willingness to obtain CISA within 12 months
  • Demonstrated expertise in cyber security
  • In depth knowledge and experience evaluating against cyber security industry standards such as NIST or ISO
  • Must work well in a highly collaborative and team-oriented environment
  • Must work creatively and analytically in a problem-solving environment
  • Must demonstrate effective verbal and written communication and interpersonal skills

Keys to Success in this Role:
  • A mindset that embraces innovation and is not afraid of failure
  • Highly collaborative
  • Ability to explain technical concepts to non-technical people
  • A drive to continuously learn and develop

Top Three Personal Competencies:
  • Drive for Execution-Be accountable for strong individual and team performance
  • Customer Focus- Personally engage with customers to learn their needs
  • Seek and Embrace Change- Continuously improve work processes rather than accepting the status quo

Preferred Skills

Preferred Skills
  • Experience in conducting Information Security audits
  • Project Management experience
  • Certified Ethical Hacker (CEH
  • Certified Information Security Manager (CISM)
  • Computing Technology Industry Association (CompTIA)
  • Certified Information Systems Security Professional (CISSP)

Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you'll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.

Similar jobs