Are you interested in helping solve today's most critical housing challenges? In simplest terms, Fannie Mae serves the people who house America. We work at the heart of housing by providing reliable, affordable mortgage financing in allmarkets at all times, buying loans that banks and other lenders originate, so they can fund new loans. This gives more people the opportunity to buy, refinance, or rent homes and apartments. Creating these opportunities is what drives the people who work at Fannie Mae.
For more information about Fannie Mae, visit http\\:///progress
Design and administer procedures in the organization that sustain the security of the organization?s data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization?s systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization?s data security measures.
KEY JOB FUNCTIONS
- Conduct platform or operating system vulnerability scans to assess exposure of system to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing etc. Produce reports.
- Serve as organization's POC for the third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.
- Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
- Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
- Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
- Serve as technical lead or project lead in projects involving testing defenses against hacking, Denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.
- Bachelor's Degree or equivalent required
- 6+ years of related experience
SPECIALIZED KNOWLEDGE & SKILLS
- Demonstrated cybersecurity risk management and/or IT audit experience and strong knowledge of related best practices/frameworks (e.g., NIST Cybersecurity Framework, COBIT 5, ISO). Big 4 and SOX experience a plus.- Strong working knowledge of cybersecurity controls and risks related to system access management required.- Ability to interpret and clearly convey risks and control requirement to controls owners and advise stakeholders on controldesign and risk remediation strategies.- Experience performing cybersecurity control assessments, identifying control gaps, and assisting management withconducting root cause analysis.- Proven experience working with control owners to develop clear and actionable issue remediation plans in response toaudits and assessments and overseeing remediation actions for timely completion.- Strong verbal presentation skills and demonstrated ability to produce clear, concise and high quality written deliverables.- Ability to facilitate multiple concurrent audits by working with control owners to fulfill audit requests within establishedSLAs, explaining controls to auditors and liaise regularly with Internal Audit, SOX, and other risk management functions.- Proven success in relationship building with management, business partners and technical subject matter experts.- Strong organizational and prioritization skills to deliver on-time in a fast-paced and dynamic environment.Certifications\\:- CISA, CRISC, CIA, CISM, and/or CISSP are a plus
As a condition of employment with Fannie Mae, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
Fannie Mae is an Equal Opportunity Employer.
Associated topics: air defense, cavalry scout, classified, cyber defense, defense contract, missile, multiple launch rocket system, petty officer, secret clearance, ts sci clearance