Cyber Security & IT Operations Manager (SME)

Freddie Mac

West Mclean, VA

Industry: Finance & Insurance


8 - 10 years

Posted 39 days ago

As an IT Audit Manager (SME-IT), your work falls into three categories:

Audit/Project Execution

  • Work with audit teams to provide input to and challenge the scope of cyber risk related work.
  • Help audit teams identify appropriate review and testing procedures to effectively test whether cyber risk related controls are in place.
  • Lead discovery and walkthrough meetings with the Information Technology and Information Security teams to understand and evaluate cyber risk related controls in Freddie Mac's IT environment.
  • Provide input to and/or perform cyber risk-based assessments of shared infrastructure and/or business-owned applications.
  • Based on the work performed, identify strategic, business-focused issues related to cyber risk.
  • Build strong relationships with leaders across the First and Second Lines of Defense to enable strong collaboration, while maintaining Internal Audit's independence.
  • May be tasked with leading, or participating in, specific risk assessment initiatives, firm-wide process change initiatives, conducting special investigations, or performing ongoing monitoring.
  • Perform and document work in accordance with Internal Audit standards.

Conduct Research and Provide Training

  • Maintain and grow technical knowledge through ongoing research and review of industry publications.
  • Monitor external trends and perform research to provide consultative advice to audit, business and IT management on current or emerging cyber security risk, control and governance matters.
  • Conduct internal training sessions to help other audit teams understand cyber risk and information technology concepts.

People Management

  • Be the manager of choice and role model for your team
  • Regularly evaluate employees and offer candid feedback
  • Help team members develop and achieve professional goals
  • Participate in the recruiting process


Preferred Skills

  • Minimum of 8 years working experience. Experience must include a minimum of:
      • 4 years working in IT operations or IT security areas such as application security, penetration testing, forensics, threat management, security engineering, system security assessments, and/or public cloud environments.
      • 2 years working experience with common standards such as ISO 27001, ISO 20000, NIST 800-53, OWASP, and/or ITIL
  • Bachelor's degree in Cyber Security, Cyber Risk, Management Information Systems, Computer Science, Engineering, or Math
  • CISA or willingness to obtain CISA within 12 months
  • Demonstrated expertise in cyber security
  • In-depth knowledge and experience evaluating against cyber security industry standards such as NIST or ISO
  • Must work well in a highly collaborative and team-oriented environment
  • Must work creatively and analytically in a problem-solving environment
  • Must demonstrate effective verbal and written communication and interpersonal skills