Head Of Cyber Security Risk - Technology And Operations Risk Management - Senior Director

Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to homeownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.

Job Description

As the Senior Director, Cybersecurity Risk, you will serve as the Head of Cybersecurity Risk, leading the firm's first line cybersecurity risk strategy and governance across the enterprise. You will shape and execute a comprehensive cyber risk management approach that aligns with business objectives, regulatory expectations, and industry standards.

Leveraging deep expertise across cybersecurity risk disciplines, including vulnerability management, identity and access management, data protection, application security, cloud security, cyber assurance, and security operations, you will identify, oversee, and mitigate cyber, compliance, and operational risks in line with firm standards. You will partner closely with internal stakeholders and regulators to maintain a clear, enterprise‑wide view of the cyber risk posture and its impact on the business, strengthening resilience in an evolving threat landscape

Position is based out of Plano, TX. Fannie Mae does provide the opportunity for relocation assistance.

The Impact You Will Make

You will shape enterprise cyber risk outcomes, enhance transparency, and serve as a trusted advisor to executive leadership and regulators.

Key Responsibilities

• Develop and execute the enterprise cybersecurity risk management strategy, including supporting policies, processes, and initiatives aligned to firm standards, regulatory requirements, and industry best practices.
• Lead enterprise cyber risk identification, assessment, prioritization, and mitigation, including ownership of the annual top cyber risk assessment and ongoing maturity of risk methodologies.
• Oversee cybersecurity risk governance, reporting, issue management, and control effectiveness, providing clear insights to senior leaders and governance forums.
• Define and standardize governance reporting standards, templates, cadence, and content expectations to ensure consistency, clarity, and comparability of cyber risk reporting.
• Coordinate cyber risk governance alignment across the CISO organization, ORM, IT, audit, and other stakeholders to ensure consistent interpretation and application of risk standards.
• Establish and maintain strong relationships with internal and external stakeholders, including cross‑functional leaders, regulators, and auditors.
• Support alignment with applicable regulatory and industry cybersecurity risk management frameworks and expectations (e.g., FHFA, FFIEC, NIST CSF, CRI Profile, or equivalent).
• Support Cyber Risk Institute (CRI) maturity and controls assessments, including coordination with internal stakeholders and external auditors.
• Drive traceability, documentation, and auditability of cyber risk outputs, ensuring evidence and decision logic meet regulatory, internal audit, and examination standards.

Qualifications

• 15+ years of experience in cybersecurity, technology risk, or related risk disciplines.
• Bachelor's degree or equivalent professional experience.
• Demonstrated experience engaging senior executives and regulatory stakeholders.

Preferred Qualifications

• Master's degree.
• Professional certifications such as CISSP, CISA, or CRISC.

Qualifications

Active Directory (AD), Active Directory (AD), Amazon Web Services (AWS), Artificial Intelligence (AI), Authentication Management, Business Process Management Skills, Cloud Security, Cloud Technology, Collaborating Cross-Functionally, Communication, Configuration Management (CM), Conflict Resolution, Coordination, CyberArk, Cyber Risks, Cybersecurity Analysis, Cybersecurity Risk Management, Data Analysis, Database Management, Data Mining, Data Visualization, Delegating Tasks, Enterprise Information Security Architecture, Enterprise Risk Management (ERM), Governance and Compliance Skills {+ 26 more}

Education:

Bachelor's Level Degree (Required), Master's Level Degree

The future is what you make it to be. Discover compelling opportunities at Fanniemae.com/careers.

For most roles, employees are expected to work onsite on a regular basis at their designated office location. In-office work cadence is determined by your manager. Proximity within a reasonable commute to your designated office location is preferred unless the job is noted as open to remote.

Fannie Mae is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity/gender expression, marital or parental status, or any other protected factor. Fannie Mae is committed to providing reasonable accommodations to qualified individuals with disabilities who are employees or applicants for employment, unless to do so would cause undue hardship to the company. If you need assistance using our online system and/or you need a reasonable accommodation related to the hiring/application process, please complete this form.

The hiring range for this role is set forth below. Final salaries will generally vary within that range based on factors that include but are not limited to, skill set, depth of experience, certifications, and other relevant qualifications. This position is eligible to participate in a Fannie Mae incentive program (subject to the terms of the program). As part of our comprehensive benefits package, Fannie Mae offers a broad range of Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee's physical, mental, emotional, and financial well-being. See more here.

Requisition compensation:

200000

to

269000