Easter Seals Jobs

Job Information

FANNIE MAE Enterprise Operational Risk - Risk Management - Advisor (Remote) in Washington, District Of Columbia

Job Description

As a valued individual contributor to our team, you will advise the information security team under the CISO by assessing and identifying potential cyber risks that may threaten our reputation, safety, security, and/or financial success, and you will work with executive management and team members to communicate and collaborate with key stakeholders across the enterprise. Risk assessment results will be documented in detailed reports and will result in potential issues or recommendations delivered to the CISO team.

THE IMPACT YOU WILL MAKE

The Enterprise Operational Risk - Risk Management - Advisor role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

  • Advise management on the impact of proposed risks to the enterprise and recommend updates and changes.

  • Recommend changes and updates to management about processes to reduce risk using rigorous data-driven analysis.

  • Evaluate and advise on the impact of Cybersecurity risks related to cyber incident management, vulnerability management, cloud security, IT security architecture, secure development operations, infrastructure security and application security, with a keen focus on Fannie Mae’s digital transformation

  • Leverage knowledge of the mortgage and/or financial services industry, technologies, and product types to actively identify, assess, respond to and escalate Cybersecurity risks

  • Inform, review, and challenge (as needed) Cybersecurity policies, standards and procedures to maximize efficiency and minimize risk exposure

  • Partner with risk management functions to help ensure proper execution of established frameworks, policies, standards, and strategies such as risk appetite and risk and control self-assessments (RCSA).

  • Comprehensively assess risks and gather insights from issues and events across relevant business areas to provide an aggregated risk assessment.

  • Work with the first line to define, establish and refresh risk metrics and indicators for effective continuous monitoring of Cybersecurity risk against Fannie Mae’s risk appetite

  • Contribute to monthly risk appetite reporting for Management-Level Committee and Board materials by developing and presenting risk perspectives on changing or out-of-appetite risk profiles for senior management audiences.

Qualifications

THE EXPERIENCE YOU BRING TO THE TEAM

Minimum Required Experiences

  • 6 years

Desired Experiences

  • Bachelor's degree or equivalent

  • 8-10 years of Cybersecurity Risk Management experience in an oversight role.

Skills

  • Certified Information Systems Security Professional (CISSP) required

  • Additional certifications such as CRISC, CGEIT, CISA a plus

  • Strong Cybersecurity operations and risk management knowledge/skills in disciplines such as incident management/response, vulnerability management, cloud security, IT security architecture, secure development operations, infrastructure security and application security

  • Strong working knowledge of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST 800-53, CIS 18 critical security controls, ISO 27001 and other leading Cybersecurity risk management frameworks

  • Demonstrated ability to function in a similar 2nd line or oversight role within a large and complex organization

  • Excellent communication, teamwork, and relationship management skills

  • Excellent project management skills; self-motivated

  • Risk Assessment and Management skills including evaluating and designing controls, conducting impact assessments, identifying control gaps, remediating risk, etc.

  • Experience helping an organization to plan and manage change in an effort to meet strategic objectives

  • Skilled in presenting information and/or ideas to an audience in a way that is engaging and easy to understand

  • Experience gathering accurate information to explain concepts and answer critical questions

  • Governance and Compliance skills including creating policies, evaluating compliance, conducting internal investigations, developing data governance, etc.

  • Influencing skills including negotiating, persuading others, facilitating meetings, and resolving conflict

Tools:

  • Experience with FAIR (Factor Analysis of Information Risk) a plus

  • Experience working with GRC tools such as MetricStream or ServiceNow a plus

  • Experience using Risk Works

  • Experience using SharePoint

  • Skilled in Excel

  • Skilled in Visio

  • Skilled in PowerPoint

Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at careers_mailbox@fanniemae.com.
