VP, Information Security - Technology Management

At Fannie Mae, futures are made. The inspiring work we do helps make a home a possibility for millions of homeowners and renters. Every day offers compelling opportunities to impact the future of the housing industry while being part of an inclusive team thriving in an energizing, flexible environment. Here, you will grow your career and help create access to fair, affordable housing finance.

THE IMPACT YOU WILL MAKE

The VP, Information Security - Technology Management will set the strategic direction for the cybersecurity and information security architecture for cloud, on-prem and hybrid environments. Part of this leader’s remit will be to develop the cybersecurity architecture, build our technology target state and roadmaps, and support the build-out of related technologies. This VP will ensure cybersecurity technologies remain viable, scalable, and aligned to business needs. Finally, s/he will drive process optimization and efficiency through automation, technology enhancements, and structured continuous improvement plans.

The VP, Information Security - Technology Management role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

Develop the cybersecurity architecture while ensuring alignment with broader functional and corporate strategies, including a specific focus on the following:

• Enterprise Cyber Security Cloud Architecture. Lead the development and implementation of strategies for maturing the enterprise cyber security posture to meet or exceed industry standards in a complex, on-prem/multi-cloud environment undergoing digital transformation.
  • Defining and driving implementation of the Fannie Mae Cyber Security Strategy in alignment with the Fannie Business and Enterprise Risk Management strategies.
  • Driving adoption of cyber security best practices for emerging technology areas including multi-cloud, ML, AI, etc.
  • Evaluate emerging cyber security solutions and incorporate into Cyber Security Enterprise-wide architecture (e.g., SOAR, AI, ML, etc.)
• Cyber Security Enterprise-Wide Architecture. Drive the standardization and guiding principles for overlaying security architecture patterns over enterprise architecture to enable technical & process controls for risk management.
  • Developing technical strategies and multi-year roadmaps spanning across all InfoSec domains with clearly defined capabilities that enable Fannie Mae business goals and objectives.
  • Establishing detailed InfoSec technical integration/API architecture for the integration of security tools to support security controls automation and automated remediation.
  • Identifying and establishing tools selections criteria based on current and evolving business needs.
• InfoSec Product/Portfolio Lead. Lead the prioritization, strategy, and development of cyber services for enterprise, as well as developing cyber security product portfolio strategy to enable rationalization through accountability & traceability between security objectives and security services delivery.
• Cloud Security Standards and Policies. Drive the technical security standards of virtualization, cloud infrastructure, and public cloud offerings and designing security configuration and controls within cloud-based solutions for IaaS, PaaS, SaaS, and hybrid solutions.
• Information Security Standards and Frameworks. Drive security controls, tools, processes and risk management alignment with common information security standards such as: NIST CSF, SOX, SOC2, FEDRAMP, and CIS Controls.
• Infrastructure Security Architecture. Lead integration architecture and security requirements of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
• Application Security Architecture. Lead the design of security controls for business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging.
• Agile and DevOps Methodologies. Be a contributing member of a balanced team within an Agile development or DevOps environment. Focus on security-as-code and continuous compliance practices.
• Lead the cybersecurity technology transformation to cloud and ensure the ongoing relevance, viability and scalability of cybersecurity applications and systems.  Provide leadership and direction in the innovation of bleeding edge cybersecurity technologies.

THE EXPERIENCE YOU BRING TO THE TEAM

• 10+ years of experience managing the implementation and operation of security architecture and tools in a cloud-native environment (ideally a mastery of AWS).
• Experience with Application Security, Vulnerability Management, Security Operations, and DevSecOps.
• Understanding of key cyber security tools to ensure that they are consistently deployed, executed, and continuously improved in alignment with business requirements.
• Strong background in IAM and credentials management solutions and technologies (Ping, Okta, AWS Secrets Manager, Hashicorp Vault, CyberArk, etc.).
• Experience effectively communicating at senior levels within a customer organization and meeting with stakeholders to formulate, review, and execute task plans and deliverable items.
• Experience leading high performing multi-disciplinary teams with a focus on attracting and developing talent.
• Background in cyber security monitoring and measurements.
• Experience with implementing security solutions for AWS, Azure and/or GCP.
• Experience with Microservices architecture.
• Experience Docker, Istio, Apigee, ECS, EKS, and Kafka.
• Experience with managing security with SaaS providers.
• Strong background in cyber security controls frameworks and regulatory requirements including NIST 800-53, NIST CSF, CSA CCM, SOX, and Privacy regulations.
• Experience leading complex security infrastructure consolidation and modernization efforts to achieve standardized, consistent and repeatable processes for delivery of services across a large agency enterprise, and optimized use of shared resources.
• Strong written and verbal communication skills to collaborate with customer representatives, domain experts, systems engineers and architects.
• Active CISSP certification or equivalent is preferred.
• Financial services industry experience and strong project management acumen is nice-to-have.

The future is what you make it to be. Discover compelling opportunities at careers.fanniemae.com.

Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at [email protected].

The hiring range for this role is set forth on each of our job postings located on Fannie Mae's Career Site. Final salaries will generally vary within that range based on factors that include but are not limited to, skill set, depth of experience, certifications, and other relevant qualifications. This position is eligible to participate in a Fannie Mae incentive program (subject to the terms of the program). As part of our comprehensive benefits package, Fannie Mae offers a broad range of Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee’s physical, mental, emotional, and financial well-being. See more here.