This Information Security Professional will be part of the Information Security department in the Information Technology Division. Information Security engages with multiple areas – risk, compliance, business area management, technology owners and external stakeholders. The position will provide timely and quality service to ensure that IS vulnerabilities and misconfigurations are adequately identified, communicated, and tracked for remediation. In this role, you will be a key part of the team that identifies and produces vulnerability management and risk assessment reports in support of Freddie Mac’s Security Assurance Program. You will also support information security needs to comply with organization’s goals in risk mitigation strategies via metrics and reporting. This will include both direct and indirect support of customer needs and requirements. Potential tasks include analyzing threats and vulnerabilities, communicating risks associated with vulnerabilities, and supporting customers in risk remediation strategies.
Your Work Falls into Three Primary Categories:
Vulnerability Management Reporting and Analytics
- Reporting of vulnerabilities across infrastructure and network devices, operating systems and databases (on-premises and in-cloud)
- Ability to validate vulnerabilities and misconfigurations via scripts
- Provide first level asset impact list for any open vulnerability
- Assist communications and stakeholder engagements in communicating vulnerabilities to system owners
- Monitors various sources for identifying threats and vulnerabilities on a continuous basis – including, commercial and Opensource tools to quickly analyze, detect, and notify potential threats and vulnerabilities
Scanning and Monitoring of External Web-domains
- Assist in managing security monitoring of external web domains, with respect to vulnerabilities and misconfiguration
- Provide initial communication and coordination with domain owners for open vulnerabilities
- Coordinate with vendor SME on configuration of the external scanning tool to meet requirements
- Develop and maintain standard operating procedures, rules of engagement and status reporting of each assessment and task
- Effectively track responses from lines of business and efforts to remediate risks.
- Communicate metrics and other vulnerability reports with business stakeholders
- Establish and maintain business relationships with individual contributors as well as management
- Bachelor’s Degree in Information Technology or related field or equivalent work experience.
- Typically 2-4 years related experience in Cyber Security/Information Security or a related field.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources for the purposes of documenting results and analyzing findings to provide advanced threat intelligence.
- Demonstrable understanding of computer networking concepts, communication protocols, primary threat actor attack methods and tools.
- Ability to understand and learn technical specifications, system requirements and other application design information as needed.
- Excellent analytical skills and attention to detail.
- Strong written communication skills including experience with reports and presentations for executive audiences.
- Financial services experience preferred.
Keys to Success in this Role
- Information Security/IT Background
- Excellent Communication, stakeholder management skills
- To be able to understand and work effectively with diverse IT and Business groups
Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.
Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC. Once registered, Freddie Mac will have access to your contact information should we choose to engage your agency for future hiring needs.
< BACK TO SEARCH RESULTS