Fannie Mae Careers

Director of Operational Risk - Cyber

Washington, District of Columbia
Risk Management

Job Description


Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.

Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.

For more information about Fannie Mae, visit


The Director of Operational Risk - Cyber will constitute the core of the independent oversight of all information security risks for Fannie Mae. This position will identify, assess, measure and monitor the company's cyber risk as well as coordinate with the ORM functional groups (e.g., ORM Governance, ORM Risk Analytics, etc), Enterprise Risk Management Functions as well as Chief Information Security Officer from the first line to deliver against the risk agenda.This role is primarily an individual contributor role which will draw resourcing assistance from larger ERM/ORM team.

The Director of Operational Risk - Cyber is a specialty role to maintain expertise in risk oversight of information security/cyber related risk.  Plan and direct the work of a unit whose staff identify, measure, and monitor the company's operational risk in how its transactions and infrastructure function. Staff assess risks from unauthorized trading, software or hardware failures, lack of oversight of operations, or contingencies that would trigger disaster recovery programs. Assess threats to data integrity and security of networks and the consequences of failures or breaches. Recommend or implement risk mitigation strategies or practices.


  • Confer with management of units whose operational risk is tracked to understand operational processes and to identify likely intersections, handoffs, bottlenecks and access points where operational risk is greater. Establish metrics for the business unit.
  • Establish standards and methodology for staff to use in assessing, measuring, and reporting operational risk. Assign and prioritize work to staff according to corporate standards and regulatory reporting requirements.
  • Assess proprietary applications developed for staff to use in aggregating, analyzing, and assessing operational risk in the course of studying assigned units. Suggest business or system requirements to technical staff for refinements of these applications.
  • Prepare, or oversee the preparation of assessments or reports for business unit management, division or corporate management. Suggest adaptations to operational risk assessment tools, policies, or procedures based on current empirical data.
  • Report to senior management on the unit's production, activities, and efforts.
  • Represent the unit as an expert or resource to cross-functional project or coordinating teams.


  • Bachelor's Degree or equivalent required


  • 8+ years of related experience


  • 10 - 15 years of related experience, preferred
  • Expertise in specialty area of information security/cyber security in support of credible challenge
  • Deep understanding of technology risk management methodology and approaches; execution expertise, risk measurement, and analysis experience
  • Professional Certification in Information Security (e.g. CISSP) preferred
  • Audit / testing experience (preferred)                                     


As a condition of employment with Fannie Mae, any successful job applicant will be required to pass to successfully complete a background investigation.


Fannie Mae is an Equal Opportunity Employer.

Req ID: 56873