VP, Information Security - Technology Management

Fannie Mae

3.9

(14)

Washington, DC

Why you should apply for a job to Fannie Mae:

  • 79% say women are treated fairly and equally to men
  • 71% would recommend this company to other women
  • 85% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Student loan repayment and employer-assisted housing program
  • Seramount (formerly “Working Mother”) 100 Best Companies 2023
  • Flexible work environment and paid leave for life’s unpredictable moments
  • #744000035164025

    Position summary

    Develop the cybersecurity architecture while ensuring alignment with broader functional and corporate strategies, including a specific focus on the following:

    • Enterprise Cyber Security Cloud****Architecture. Lead the development and implementation of strategies for maturing the enterprise cyber security posture to meet or exceed industry standards in a complex, on-prem/multi-cloud environment undergoing digital transformation.
      • Defining and driving implementation of the Fannie Mae Cyber Security Strategy in alignment with the Fannie Business and Enterprise Risk Management strategies.
      • Driving adoption of cyber security best practices for emerging technology areas including multi-cloud, ML, AI, etc.
      • Evaluate emerging cyber security solutions and incorporate into Cyber Security Enterprise-wide architecture (e.g., SOAR, AI, ML, etc.)
    • **Cyber Security Enterprise-Wide Architecture.**Drive the standardization and guiding principles for overlaying security architecture patterns over enterprise architecture to enable technical and ; process controls for risk management.
      • Developing technical strategies and multi-year roadmaps spanning across all InfoSec domains with clearly defined capabilities that enable Fannie Mae business goals and objectives.
      • Establishing detailed InfoSec technical integration/API architecture for the integration of security tools to support security controls automation and automated remediation.
      • Identifying and establishing tools selections criteria based on current and evolving business needs.
    • InfoSec Product/Portfolio Lead. Lead the prioritization, strategy, and development of cyber services for enterprise, as well as developing cyber security product portfolio strategy to enable rationalization through accountability and ; traceability between security objectives and security services delivery.
    • Cloud Security Standards and Policies. Drive the technical security standards of virtualization, cloud infrastructure, and public cloud offerings and designing security configuration and controls within cloud-based solutions for IaaS, PaaS, SaaS, and hybrid solutions.
    • **Information Security Standards and Frameworks.**Drive security controls, tools, processes and risk management alignment with common information security standards such as: NIST CSF, SOX, SOC2, FEDRAMP, and CIS Controls.
    • Infrastructure Security Architecture. Lead integration architecture and security requirements of common infrastructure security technologies and solutions into business solution architectures including the integration of identity and ; access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
    • Application Security Architecture. Lead the design of security controls for business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging.
    • Agile and DevOps Methodologies. Be a contributing member of a balanced team within an Agile development or DevOps environment. Focus on security-as-code and continuous compliance practices.
    • Lead the cybersecurity technology transformation to cloud and ensure the ongoing relevance, viability and scalability of cybersecurity applications and systems. Provide leadership and direction in the innovation of bleeding edge cybersecurity technologies.

    Qualifications
    THE EXPERIENCE YOU BRING TO THE TEAM

    • 10+ years of experience managing the implementation and operation of security architecture and tools in a cloud-native environment (ideally a mastery of AWS).
    • Experience with Application Security, Vulnerability Management, Security Operations, and DevSecOps.
    • Understanding of key cyber security tools to ensure that they are consistently deployed, executed, and continuously improved in alignment with business requirements.
    • Strong background in IAM and credentials management solutions and technologies (Ping, Okta, AWS Secrets Manager, Hashicorp Vault, CyberArk, etc.).
    • Experience effectively communicating at senior levels within a customer organization and meeting with stakeholders to formulate, review, and execute task plans and deliverable items.
    • Experience leading high performing multi-disciplinary teams with a focus on attracting and developing talent.
    • Background in cyber security monitoring and measurements.
    • Experience with implementing security solutions for AWS, Azure and/or GCP.
    • Experience with Microservices architecture.
    • Experience Docker, Istio, Apigee, ECS, EKS, and Kafka.
    • Experience with managing security with SaaS providers.
    • Strong background in cyber security controls frameworks and regulatory requirements including NIST 800-53, NIST CSF, CSA CCM, SOX, and Privacy regulations.
    • Experience leading complex security infrastructure consolidation and modernization efforts to achieve standardized, consistent and repeatable processes for delivery of services across a large agency enterprise, and optimized use of shared resources.
    • Strong written and verbal communication skills to collaborate with customer representatives, domain experts, systems engineers and architects.
    • Active CISSP certification or equivalent is preferred.
    • Financial services industry experience and strong project management acumen is nice-to-have.

    Why you should apply for a job to Fannie Mae:

  • 79% say women are treated fairly and equally to men
  • 71% would recommend this company to other women
  • 85% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Student loan repayment and employer-assisted housing program
  • Seramount (formerly “Working Mother”) 100 Best Companies 2023
  • Flexible work environment and paid leave for life’s unpredictable moments