IT Risk Management Associate

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it's at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

The Enterprise, Operations and Technology (EO&T) Risk Enablement (RE) team provides both proactive and reactive risk management services within the EO&T division at Freddie Mac. In this position, the IT Risk Associate II will be required to drive risk and controls self-assessments (RCSAs), assist with driving the closure of EOT issues, maintain the risk and issues related data in GRC tool, and provide general risk advisory support for assigned EO&T business processes (e.g. – End User Services, Third-party Risk Mgt, Operational Risk and Governance, Data Management , Operational Resiliency, Service Management, Methodology Management, Change Management, Development Management, CMDB Management etc.). In addition, the IT Risk Associate II will also be encouraged to identify and help the RE team adopt process improvement opportunities.

Do you want to play a meaningful role in improving EO&T's divisional risk profile by helping to ensure divisional, department and business process-level IT and Operational risks are adequately identified, measured and mitigated to acceptable levels?

As part of the First Line of Defense, this individual will work closely with risk partners in the Second and Third Lines of Defense.

Our Impact:

• Partner with key business and risk management subject matter experts (SMEs) to understand and manage risks and controls associated with Technical and Operational processes, serving as a liaison for 1LOD.
• Ensuring an accurate and acceptable organizational risk posture; performing assessments on divisional and business process risk and controls, advising on effective risk reduction, and driving issues to closure.

Your Impact:

• Perform assessments of assigned business process(es) to ensure associated risks are adequately identified, measured, and mitigated via controls and / or capabilities to acceptable levels.
• Ensure completeness and accuracy of process, risk, control, and issue data within GRC tool for assigned business process(es)
• Assess the quality, completeness, accuracy, and sustainability of issue remediation and supporting evidence.
• Participate in and contribute to stakeholder and audit meetings (e.g. – Scheduling meetings, managing requests)
• Assist the team in identifying and driving process improvements for enhanced team efficiency and effectiveness, including enhanced process documentation, ensuring processes take a risk-based approach, and identifying / enhancing automation solutions where possible

Qualifications:

• Bachelor's Degree in an Information Technology, Information Security, Data Analysis, or Operational Risk Management related field or equivalent, and/or 1+ years of overall relevant experience
• Experience performing risk assessments and / or issue remediation management
• Experience with or knowledge of basic Enterprise / Operational Risk Management industry best practices (e.g. – inherent / residual risk, risk mitigation concepts), inclusive of Risk and Controls Self-Assessments (RCSA), is highly desired
• Knowledge of industry Information Security and/or Technology control frameworks to include COBIT, NIST, ISO, or ITIL
• Experience working at an organization within the Financial Industry (preferred)
• Preferred Certifications: CISA, CRISC, CISM, CISSP
• Experience performing testing controls is helpful
• Experience working in Agile environment is helpful

Keys to Success in this Role:

• Demonstrate efficient and effective verbal and written communication and interpersonal skills (e.g. – "summarize findings and recommendations to key stakeholders")
• Demonstrate intellectual curiosity and professionally challenge assumptions and the status quo (e.g. - "trust but verify')
• Ability to resolve standard or routine questions or assignments
• Ability to escalate issues / ask for assistance on tasks that are complicated or complex
• Ability to quickly learn and apply core risk management principles
• Demonstrated ability for self-motivation and passion for process improvement
• Excel in a team environment as well as individually
• Work creatively and analytically in a problem-solving environment
• Commitment to grow and sustain technical knowledge through proactive, ongoing research and review of industry publications
• Stay abreast of current industry relevant standards to find opportunities to improve Enterprise, Operational and IT Risk Management practices
• Contribute to team growth by leading team trainings and knowledge shares as appropriate

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Mac's business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit and register with our referral code: MAC.

Time-type:Full timeFLSA Status:Non-Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

This position has an annualized market-based salary range of $62,000 - $94,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.