IT Third Party Risk Senior

Freddie Mac
McLean, Virginia
May 03, 2021
May 26, 2021
Full Time
At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation.

Position Overview:

IT Risk Advisory (ITRA) is looking for an experienced risk professional to support the 1st line Third Party IT Risk Management team that will assist with the maturity, implementation and execution of an IT third party risk management program. Areas of support will include Risk Advisory, Risk Assessment, Third Party IT Risk Management, and compliance with associated Policies and Standards. This position requires that the applicant have a solid understanding of risk assessments, risk frameworks, operational risks, the third party risk lifecycle (including the review of supplier risk assessments and documentation) and the execution of risk management processes and governance within a large institution.

**This position can be performed currently from a remote location in the U.S. but will require presence in a Freddie Mac office in the future.**

Our Impact:

Information Technology Operational Risk Management is responsible for providing oversight of operational risks associated with all operating activities of Freddie Mac's Information Technology division. The primary responsibilities of IT Operational Risk include providing risk management, risk advisory and third party IT risk management, regulatory liaison, and policy/standards governance for the Information Technology division. This could include supporting the review of and compliance with divisional policies and standards, defining and implementing risk management frameworks, monitoring and reporting risks and risk response, performing risk reviews and evaluations, and driving continuous improvement of risk management capabilities across IT. IT Operational Risk is led by the Vice President, IT Operational Risk & Governance.

IT Risk Advisory's Third Party Risk function supports the effective assessment and IT-related review of third parties that support the organization as well as the management of third party risk for the IT division.
Your Impact:
The IT Third Party Risk Senior will be responsible for supporting the execution of IT Third Party Risk Management program functions including:

Risk Assessment and Identification
  • Perform third party IT risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); identify and assess control effectiveness and/or gaps through the review of key vendor-provided documentation (SIG, SOC 2 Type II, Vulnerability Scans, Penetration Tests, etc.)
  • Provide Subject Matter Assessor expertise to support the review of key inherent information and technology risks associated with a product or service
  • Identification, understanding and management of operational information and technology third party risks
  • Apply sound judgment in evaluating risks and controls; effectively challenge the business on the identification and acceptance of risks and the adequacy of controls.
  • Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); identify and assess control effectiveness and/or gaps.

Risk Advisory and Communication
  • Advise the IT "customers" on means and methods to drive remediation of risk related issues and operational events
  • Advise Enterprise Supply Chain contracting SMEs as needed to ensure alignment of relevant contract clauses with corporate Information Security standards
  • Provide mentorship to team of risk professionals

IT Third Party Risk Program
  • Support the maturity and execution of the division's Third Party IT Risk Management program
  • Support monthly reporting of IT risk metrics and data
  • Provide transparency of risk exposures by implementing sound reporting for risk-based decision making
  • Identify, assess and communicate risks as required for periodic third party assessments

  • Bachelor's Degree or equivalent work experience
  • 5-7 years of experience working with risk management - methods and techniques for the assessment and management of risk (including key third-party risks)
  • Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical and interpersonal skills
  • Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
  • Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.
Keys to Success in this Role:
  • Self-starter and self-motivated.
  • Ability to work & collaborate efficiently in a team environment.
  • Ability to apply a risk-based approach to prioritize work.
  • Ability to communicate clearly, optimally, and persuasively with technology and business partners.
  • Motivated to learn new technologies and identify process improvements and efficiencies.
  • Ability to adapt to change while continuing to deliver on assigned objectives.

Current Freddie Mac employees please apply through the internal career site.

Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you'll do important work for the housing finance system and make a difference in the lives of others.

We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit and register with our referral code: MAC.

Time-type: Full time

Job Category: Risk

FLSA Status: Exempt
