Information Technology Operational Risk Management (ITRM) is responsible for providing oversight of operational risks associated with all operating activities of Freddie Mac's Information Technology division. The primary responsibilities of ITRM include providing risk management, risk advisory, third party IT risk management, regulatory liaison, and policy/standards governance for the Information Technology division. This could include managing the review and publication of divisional policies and standards, defining and implementing risk management frameworks, monitoring and reporting risks and risk response, performing risk reviews and evaluations, and driving continuous improvement of risk management capabilities across IT. ITRM is led by the Vice President, IT Operational Risk & Governance.<br /><br />ITRM is looking for an experienced senior risk professional to support the 1st line Third Party IT Risk Management team that will assist with the development, implementation and execution of an IT third party risk management program. The IT Risk Senior will report directly to the IT Third Party Risk Management Manager. Working closely with the teams that represent each IT Department, the Manager will manage teams that are responsible for the consistent and logical application of key components of the IT Risk Management Framework for the IT Division. This position requires that the applicant have a strong understanding of the risk frameworks, operational risks, and the execution of risk management processes and governance within a large institution.<br /><br /><strong>Your Work Falls into Three Primary Categories:</strong><br /><br /><strong>Risk Assessment and Identification</strong> <br /> <ul> <li>Understanding how to develop and execute a Third Party IT Risk Management program.</li> <li>Identification, understanding and management of Information and Technology risk associated with the operational processes for the IT division</li> <li>Apply sound judgment in evaluating risks and controls; effectively challenge the business on the identification and acceptance of risks and the adequacy of controls.</li> <li>Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); Identify and assess control effectiveness and/or gaps.</li> </ul> <br /><strong>Risk Advisory and Communication</strong><br /> <ul> <li>Advise the IT 'customers' on means and methods to drive remediation of risk related issues and operational events</li> <li>Advise Enterprise Supply Chain contracting SMEs as needed to ensure alignment of relevant contract clauses with corporate Information Security standards</li> <li>Provide mentorship to team of risk professionals</li> </ul> <br /><strong>Risk Reporting, Metrics and Ongoing Due Diligence</strong><br /> <ul> <li>Reporting of IT risk metrics and data</li> <li>Providing transparency of risk exposures through implementing sound reporting for risk-based decision making</li> <li>Identify, assess and communicate risks as required for periodic third party assessments</li> </ul> <br />Estimated Travel: 15% to vendor locations as required<br /><br /><b>Qualifications</b><br /><br /><strong>Qualifications</strong><br /> <ul> <li>Bachelor's Degree</li> <li>5-7 years of experience working with SOX, practical experience in internal/external audits, risk management – methods and techniques for the assessment and management of risk.</li> <li>Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical and communication skills</li> <li>Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles</li> <li>Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.</li> </ul> <br /><strong>Keys to Success in this Role</strong><br /> <ul> <li>Self-starter and self-motivated.</li> <li>Ability to work & collaborate effectively in a team environment.</li> <li>Sense of urgency and able to apply risk-based approach to prioritize work.</li> <li>Ability to communicate clearly, effectively, persuasively with technology and business stakeholders.</li> <li>Motivated to learn new technologies and identify process improvements and efficiencies.</li> <li>Ability to adapt to change while continuing to deliver on assigned objectives.</li> <li>Strong verbal and written communication skills.</li> </ul> <br /><strong>Top 3 Personal Competencies to Possess</strong><br /> <ul> <li>Drive for Execution – Be accountable for strong individual and team performance</li> <li>Partnership – Build trust and strong partnerships through your own and team's actions</li> <li>Growth and Development – Know or learn what is needed to deliver results and successfully compete</li> </ul> <br /><br /><b>Preferred Skills</b><br /><br /><strong>Preferred Skills</strong><br /> <ul> <li>CISA, CPA, CIA, PMP, CISSP or other relevant professional certification</li> <li>Financial Services experience</li> <li>IT Risk management experience</li> <li>Knowledge and skills across: <ul> <li>COSO</li> <li>ISACA Risk IT framework</li> <li>ISACA COBIT 5.0, ISO 31000-series and 27000-series</li> <li>13335</li> </ul> </li> </ul> <br /><br />Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you'll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.