Freddie Mac is a public government-sponsored enterprise that provides mortgage capital to lenders. The IT Risk Professional will join the EO+T Risk Management team, responsible for developing and executing the operational risk management and governance program while identifying and managing emerging risks across the division.
Partner with key business and risk management subject matter experts (SMEs) to understand and manage risks and controls associated with Technical and Operational processes, serving as a liaison for 1LOD.
Ensure an accurate and acceptable organizational risk posture; perform assessments on divisional and business process risk and controls, advise on effective risk reduction, and drive issues to closure.
Perform assessments of assigned business process(es) to ensure associated risks are adequately identified, measured, and mitigated via controls and / or capabilities to acceptable levels.
Ensure completeness and accuracy of process, risk, control, and issue data within the GRC tool for assigned business process(es).
Assess the quality, completeness, accuracy, and sustainability of issue remediation and supporting evidence.
Participate in and contribute to stakeholder and audit meetings (e.g., scheduling meetings, managing requests).
Assist the team in identifying and driving process improvements for enhanced team efficiency and effectiveness, including enhanced process documentation, ensuring processes take a risk-based approach, and identifying / enhancing automation solutions where possible.
Sustain and grow technical knowledge through ongoing research and review of industry publications.
Stay abreast of current industry relevant standards to find opportunities to improve Enterprise, Operational and IT Risk Management practices.
Contribute to team growth by leading team trainings and knowledge shares as appropriate.
Qualifications
Required
2-4 years of relevant experience
Bachelor's Degree in Information Technology, Information Security, Data Analysis, or Operational Risk Management related field or equivalent
Experience performing risk assessments and / or issue remediation management
Preferred
Experience with or knowledge of basic Enterprise / Operational Risk Management industry best practices (e.g., inherent / residual risk, risk mitigation concepts), inclusive of Risk and Controls Self-Assessments (RCSA), is highly desired
Knowledge of industry Information Security and/or Technology control frameworks to include COBIT, NIST, ISO, or ITIL