Business Information Security - Technology Management - Principal

Reston, VA, United States

Applications have closed

Fannie Mae

We facilitate equitable and sustainable access to homeownership and quality, affordable rental housing across America.


Company Description

At Fannie Mae, futures are made. The inspiring work we do helps make a home a possibility for millions of homeowners and renters. Every day offers compelling opportunities to use tech to tackle housing’s biggest challenges and impact the future of the industry. You’ll be a part of an expert team thriving in an energizing, flexible environment. Here, you will grow your career and help create access to fair, affordable housing finance.

 

 

Job Description

THE IMPACT YOU WILL MAKE

The Business Information Security Officer (BISO) - Principal functions as a key information security advocate and is the primary liaison between Information Security and the lines of business. The Principal is responsible for one or more major lines of business, builds relationships with stakeholders, communicates all aspects of Information Security/Cyber strategy and operations, and ensures the business partners and technology portfolios have a clear understanding of Information Security policies, standards, procedures and requirements. You will collaborate and innovate with the business and application teams to drive positive change and influence the teams to make the appropriate risk-based decisions. You may lead a team of Information Security professionals and will operate as an enabler and differentiator for the business through innovation, with a focus on security and risk reduction.

Responsibilities:

  • Build and manage relationships with lines of business technology and risk leaders to effectively communicate and ensure Information Security requirements are maintained and understood.
  • Advise lines of business on cyber security matters based on the company's risk tolerance and information security strategy, as directed by the Chief Information Security Officer.
  • Act as a trusted advisor to Information Security Leadership by connecting services and control capabilities directly with the lines of business.
  • Keep the lines of business apprised of tactical and strategic information security risks and cyber security-related requirements, in addition to communicating Information Security initiatives, priorities, and remediation efforts.
  • Provide regular updates to executive leadership within the lines of business on the overall Information Security health and risk environment.
  • Work with a team of Information Security Consultants to provide subject-matter expertise to both lines of business and development teams, specifically in the areas of security, risk and compliance.
  • Knowledge of business information security principles and practices, including risk management, security assessment, and compliance.
  • Familiarity with security technologies, such as firewalls, intrusion detection and prevention systems (IDPS), and security information and event management (SIEM) systems.
  • Understanding of security policies, standards, and frameworks, such as ISO 27001, NIST Cybersecurity Framework, and PCI DSS.
  • Educate and influence executive leadership and associates to effectively leverage security capabilities and solutions to mitigate risks and emerging threats.
  • Serve as an advisor and thought leader on Fannie Mae’s Information Security capabilities, policies, procedures and standards, promoting awareness of and compliance with IT/Security-related policies and standards.
  • Act as a change agent to shift security risk identification and proactive solutions left in enterprise processes, through consultation and coordination.
  • Assist with business continuity and disaster recovery plans as related to Information Security and assist with testing of plans and other scenario-based exercises.
  • Familiarity with cloud computing concepts, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

 

Qualifications

THE EXPERIENCE YOU BRING TO THE TEAM

Basic Qualifications:

  • Bachelor’s degree (or military experience) in computer/technical or business area.
  • At least 8 years of experience in Information Technology, performing Security Risk Assessments or Security Consulting.
  • At least 5 years of experience leading a technical team of Information Security professionals. 

Preferred Qualifications:

  • Master’s degree or PhD in a related field
  • 10+ years of combined experience with Security Architecture, Engineering, Operations and Data Security
  • Demonstrable experience in securing public cloud environments and services (e.g. AWS, GCP, Azure)
  • Experience utilizing Agile methodologies within DevOps environments
  • Experience with data protection techniques and tools such as encryption, tokenization, cloud access security brokers
  • Maintain industry-recognized professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), and AWS Certified Solutions Architect 
  • You have a desire to work in a very fast moving, modern computing environment and a deep passion for securing modern computing platforms.
  • You have a strong desire to continually learn about new technologies and possess strong conceptual thinking and communication skills.
  • You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including business executives, technology leaders, and enterprise suppliers.
  • You maintain calmness and clarity of thought under pressure and are able to maintain confidentiality.
  • You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives.
  • You are able to describe the risks of vulnerabilities, exposure, and impact in business-impact terms.
  • Excellent communication skills, both verbal and written, with the ability to communicate technical information to non-technical stakeholders.
  • Strong analytical and problem-solving skills

Additional Information

JOB REF ID: REF11874Y

The future is what you make it to be. Discover compelling opportunities at careers.fanniemae.com.

Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at careers_mailbox@fanniemae.com.
 

The hiring range for this role is set forth on each of our job postings located on Fannie Mae's Career Site. Final salaries will generally vary within that range based on factors that include, but are not limited to, skill set, depth of experience, certifications, and other relevant qualifications. This position is eligible to participate in a Fannie Mae incentive program (subject to the terms of the program). As part of our comprehensive benefits package, Fannie Mae offers a broad range of Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee’s physical, mental, emotional, and financial well-being.


Tags: Agile AWS Azure CCSP CISO CISSP Cloud Compliance DevOps Encryption Finance Firewalls GCP IaaS Intrusion detection ISO 27001 NIST PaaS PCI DSS PhD Risk assessment Risk management SaaS Security assessment Security strategy SIEM Strategy Vulnerabilities

Perks/benefits: Career development Health care

Region: North America
Country: United States