IT Audit Manager – Cyber Risk
Audit Compliance & Quality
August 10, 2017
Staff members on the cyber risk audit team are highly skilled audit, risk management, and/or cyber security professionals with a demonstrated ability to provide value-added audit and advisory services to Freddie Mac. The team plays a critical role in shaping Freddie Mac’s approach to cyber risk by providing independent, objective, and value-added assurance of cyber risk management, governance, and controls.
The Audit Manager – Cyber Risk will be part of this team and focus on driving end-to-end audit services focused on cyber risk. This spans multiple areas, from the governance of cyber risk down to the performance of highly technical reviews. As part of the Third Line of Defense, the candidate will work closely with risk partners in the Second Line of Defense and practitioners in the First Line of Defense in both the lines of business and Information Technology. As part of the leadership of the cyber-focused team, you will have the opportunity to help lead, coach, and develop an innovative, agile, and high-performing team.
* Perform independent audit and advisory services of cyber risk associated operating activities of Freddie Mac to ensure that they are completed on time and in keeping with professional standards.
* Scope and execute reviews of a wide variety of cyber risks.
* Review monthly risk metrics of the First and Second Line of Defense and industry news to identify emerging issues and trends and communicate implications to senior leadership within Internal Audit and Freddie Mac.
* Based on the work performed, draft strategic, business focused audit reports to identify and communicate issues related to cyber risk.
* Make recommendations to the Audit Committee or Board of Directors on significant issues raised during audit work.
* Conduct internal training sessions to help other audit teams understand cyber risk.
* Build strong relationships with leaders across the First and Second Lines of Defense to enable strong collaboration, while maintaining Internal Audit’s independence.
* Monitor and provide consultative advice to business and IT management on current or emerging cyber security risk, control and governance matters.
* May be tasked with leading, or participating in, specific risk assessment initiatives, firm-wide process change initiatives, or conducting special investigations or pre-implementation reviews at the request of management.
* Perform and document work in accordance with Internal Audit standards.
* Maintain technical knowledge through ongoing research and review of industry publications.
* Bachelor’s degree in Cyber Security, Cyber Risk, Management Information Systems, Computer Science, Engineering, or Math
* Certified Information Systems Security Professional (CISSP)
* Certified Information Systems Auditor (CISA), or the commitment to obtain the CISA within a year of starting
* Working knowledge of industry standards such as NIST or ISO
* Must work well in a team-oriented environment as well as individually
* Must work creatively and analytically in a problem-solving environment
* Must demonstrate effective verbal and written communication and interpersonal skills
* Project Management experience
* Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM)