Audit Manager – Cyber Risk

Freddie Mac

Position Overview

Freddie Mac’s Internal Audit team is building a strong cyber audit team to help protect Freddie Mac against cyber threats.
Staff members on the cyber risk audit team are highly-skilled audit, risk management, and/or cyber security professionals with a demonstrated ability to provide value added audit and advisory services to Freddie Mac. The team plays a critical role in shaping Freddie Mac’s approach to cyber risk by providing independent, objective, and value-added assurance of cyber risk management, governance, and controls.
The Audit Manager – Cyber Risk will be part of this team and focus on driving end-to-end audit services focused on cyber risk. This spans multiple areas, such as the governance of cyber risk down to the performance of highly technical reviews. As part of the Third Line of Defense the candidate will work closely with risk partners in the Second Line of Defense and practitioners in the First Line of Defense in both the lines of business and Information Technology. As part of the leadership of the cyber focused team you will have the opportunity to help lead coach and develop an innovative, agile and high performing team.

Responsibilities include:
• Perform independent audit and advisory services of cyber risk associated operating activities of Freddie Mac to ensure that they are completed on time and in keeping with professional standards.
• Scope and execute reviews of a wide variety of cyber risks.
• Review monthly risk metrics of the First and Second Line of Defense and industry news to identify emerging issues and trends and communicate implications to senior leadership within Internal Audit and Freddie Mac.
• Based on the work performed, draft strategic, business focused audit reports to identify and communicate issues related to cyber risk.
• Make recommendations to the Audit Committee or Board of Directors on significant issues raised during audit work.
• Conduct internal training sessions to help other audit teams understand cyber risk.
• Build strong relationships with leaders across the First and Second Lines of Defense to enable strong collaboration, while maintaining Internal Audit’s independence.
• Monitor and provide consultative advice to business and IT management on current or emerging cyber security risk, control and governance matters.
• May be tasked with leading, or participating in, specific risk assessment initiatives, firm-wide process change initiatives, or conducting special investigations or pre-implementation reviews at the request of management.
• Perform and document work in accordance with Internal Audit standards.
• Maintain technical knowledge through ongoing research and review of industry publications


• Minimum of 8 years working in and/or auditing IT security areas such as penetration testing, security monitoring, forensics, threat management, vulnerability management, security engineering, and system security assessments
• Bachelor’s degree in in Cyber Security, Cyber Risk, Management Information Systems, Computer Science, Engineering, or Math
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA), or the commitment to obtain the CISA within a year of starting
• Working knowledge of industry standards such as NIST or ISO
• Must work well in a team-oriented environment as well as individually
• Must work creatively and analytically in a problem-solving environment
• Must demonstrate effective verbal and written communication and interpersonal skills

Preferred Skills

• Experience in conducting Information Security audits
• Project Management experience
• Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM)

Closing Statement

Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.

To apply for this job please visit the following URL: →