IT Tech Lead for the IT Risk Management Framework
Location: McLean, VA
- Information Technology Division exists to enable and transform Freddie Mac’s business. We provide systems and technology that benefit the enterprise, customers, employees, and our business partners. As a Risk & Control Tech Lead, you are an advocate and champion of the risk framework and policy – driving awareness, execution, and increased maturity across the IT process areas and division.
- As a subject matter expert in risk & controls governance and risk management, you will partner with IT leadership teams and staff to drive change to effectively manage the establishment and implementation of the IT Risk Management Framework. The ideal candidate has demonstrated experience leading organizational efforts establishing IT Risk Management Frameworks, adopting maturity models, and leading assessments against industry recognized standards for IT security and risk management. Additionally, the candidate will require excellent organizational, leadership, communication and relationship management skills.
Your work falls into four primary categories: (your job description can be two or three categories).
Operational Risk Management Framework:
- Support IT division’s top risk and control priorities
- Support implementation of operational risk requirements related to Three Lines of Defense initiatives
- Support implementation of IT Risk Management Framework, and oversee efforts to drive increased process and capability maturity across the IT Division
1st LOD Operational Risk Management Activities:
- Facilitate assessment of current and target state maturity of IT processes and capabilities, and development of corresponding plans and roadmaps
- Facilitate establishment of governance model for IT Risk Management Framework, supporting measurement, monitoring, reporting and compliance efforts for IT Risk Management Framework
- Lead communication and engagement efforts with IT stakeholders, across the lines of defense, and with senior leadership related to Framework implementation and compliance
- Facilitate development and administer IT Risk Management/Awareness training across IT Division
- You are an advocate and champion of the corporate risk framework and policy – driving awareness, adoption and execution of target-state maturity across IT processes and capabilities to reduce risk to Freddie Mac and increase resilience.
- Provide guidance, support and risk challenge to IT stakeholders in the development and documentation of IT processes and capabilities - assessing gaps against industry and corporate standards and requirements, evaluating processes and controls, remediation plans, and ensuring compliance.
- 5-7 years of risk, control, compliance, or operational risk experience in the financial services industry
- Demonstrated experience leading implementation of IT risk management frameworks and standards (NIST, ISO), and maturity models (FFIEC, CMMI)
- Bachelor’s degree in Finance, Accounting, IT Management or equivalent work experience
- Key to success in this role:
- Ability to develop effective relationships across the firm
- Ability to influence others
- Ability to align oneself with their team and what is right for the company, not just their own area
- Ability to focus on real results rather than the appearance of results
- Ability to personally engage with customers to learn their needs
- CISA, CPA, CIA, PMP, CISSP or other relevant professional certification
- Subject matter expert knowledge of IT risk management frameworks
- Knowledge of Tableau, Excel, PowerPoint, SharePoint
- Project Management