Information Security - Technology Management - Fellow-114625-TEMPLATE

Company Description

At Fannie Mae, futures are made. The inspiring work we do makes an affordable home a reality and a difference in the lives of Americans. Every day offers compelling opportunities to impact the future of the housing industry while being part of an inclusive team thriving in an energizing environment. Here, you will help lead our industry forward and make your career.

Job Description

As a valued thought leader on our team, you will develop and operationalize strategies for maturing the enterprise cyber security posture. You will partner with the Information Security leadership team to develop technical strategies and multi-year roadmaps to enable long-term business-line and enterprise goals. You will look across our security services, products, and capabilities to identify opportunities to gain efficiency and evolve to meet future business needs.
  • Cyber Security Strategy - Developing and operationalizing strategies for maturing the enterprise cyber security posture to meet or exceed industry standards in a complex, on-prem/multi-cloud environment undergoing digital transformation.
  • Defining and driving implementation of the Fannie Mae Cyber Security Strategy in alignment with the Fannie Business and Enterprise Risk Management strategies.
  • Driving adoption of cyber security best practices for emerging technology areas including multi-cloud, ML, AI, etc.
  • Evaluate emerging cyber security solutions and incorporate into Cyber Security Enterprise-wide architecture (e.g., SOAR, AI, ML, etc.)
  • Cyber Security Enterprise-wide Architecture - Driving the standardization and guiding principles for overlaying security architecture patterns over enterprise architecture to enable technical & process controls for risk management.
  • Developing technical strategies and multi-year roadmaps spanning across all infosec domains with clearly defined capabilities that enable Fannie Mae business goals and objectives.
  • Establishing detailed infosec technical integration/API architecture for the integration of security tools to support security controls automation and automated remediation
  • Identifying and establishing tools selections criteria based on current and evolving business needs.
  • Infosec Product/Portfolio Lead - Leading the prioritization, strategy and development of cyber services for enterprise, as well as developing cyber security product portfolio strategy to enable rationalization through accountability & traceability between security objectives and security services delivery.
  • Cloud Security - Drive the technical security standards of virtualization, cloud infrastructure, and public cloud offerings and designing security configuration and controls within cloud based solutions for IaaS, PaaS, SaaS, and hybrid solutions.
  • Operational Security - Defining operational models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls.
  • Information Security Standards and Frameworks - Driving security controls, tools, processes and risk management alignment with common information security standards such as: NIST CSF, SOX, SOC2, FEDRAMP, and CIS Controls.
  • Infrastructure Security - Lead integration of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
  • Application Security - Leading the design of security controls for business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging.
  • Agile & DevOps Methodologies - Be a contributing member of a balanced team within an Agile development or DevOps environment. Focus on security-as-code and continuous compliance practices.


  • Qualifications

    Skills, Experiences:

    · Bachelor's degree in Information Systems, Cyber Security, Networking or other STEM disciplines with 12-15+ years of experience related to IT and/or cyber security.

    o Experience managing the implementation and operation of security architecture and tools (5+ years)

    o Experience working in project management roles (5+ years)

    o Experience with IT modernization (5+ years)

    o Experience with Application Security, Vulnerability Management and DevSecOps

    o Experience with Security Operations

    · Understanding of key cyber security tools to ensure that they are consistently deployed, executed, and continuously improved in alignment with business requirements.

    · Strong background in IAM and credentials management solutions and technologies (Ping, Okta, AWS Secrets Manager, Hashicorp Vault, CyberArk, etc.)

    · Background in cyber security monitoring and measurements

    · Experience with implementing security solutions for AWS, Azure and/or GCP

    · Experience with Microservices architecture

    · Experience Docker, Istio, Apigee, ECS, EKS, and Kafka

    · Experience with managing security with SaaS providers

    · Strong background in cyber security controls frameworks and regulatory requirements including NIST 800-53, NIST CSF, CSA CCM, SOX, and Privacy regulations

    · Experience leading complex security infrastructure consolidation and modernization efforts to achieve standardized, consistent and repeatable processes for delivery of services across a large agency enterprise, and optimized use of shared resources.

    · Experience effectively communicating at senior levels within a customer organization and meeting with stakeholders to formulate, review, and execute task plans and deliverable items.

    · Strong written and verbal communication skills to collaborate with customer representatives, domain experts, systems engineers and architects

    · Experience leading high performing multi-disciplinary teams

    Additional Skills, Experiences & Certifications

    · Active CISSP certification or equivalent

    · Financial industry experience is a plus

    Additional Information

    The future is what you make it to be. Discover compelling opportunities at Fanniemae.com/careers.

    Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at careers_mailbox@fanniemae.com.

    743999754227866