Freddie Mac

Third-Party Cybersecurity Risk Assessment Examiner

McLean, VA Full time

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

Freddie Mac is seeking an experienced Cybersecurity Risk Assessment Examiner to join the Seller/Servicer Information Security Oversight Team within Third-Party Risk Management. In this role, you will oversee and assess the information security risk management practices of sellers and servicers, ensuring their compliance with Freddie Mac’s standards and relevant regulatory requirements. You will evaluate third-party cybersecurity controls and policies, identify vulnerabilities, and analyze their impact on Freddie Mac’s operations. Leveraging frameworks such as NIST CSF, you will conduct risk assessments, prepare actionable reports, monitor remediation efforts, and collaborate with internal teams to strengthen Freddie Mac’s digital security posture.

Our Impact:

The Seller/Servicer Information Security Oversight Team plays a critical role in safeguarding Freddie Mac’s data and digital assets. By ensuring that seller and servicer partners adhere to strict information security standards outlined in the Freddie Mac Guide, our team actively monitors, identifies, detects, and responds to cyber threats. We conduct regular vulnerability scans, implement robust risk mitigation strategies, and continuously refine our processes to protect Freddie Mac’s operations and reputation.

Your Impact:

As a Cybersecurity Risk Assessment Examiner, you will:

  • Identify and analyze potential cybersecurity risks impacting Freddie Mac’s digital assets and business operations.
  • Conduct thorough risk assessments and audits of third-party information systems, networks, and processes.
  • Assess the effectiveness of technical, physical, and administrative security controls, ensuring alignment with industry standards.
  • Review institutional policies and procedures for compliance with laws, regulations, and frameworks (e.g., FFIEC, NIST, ISO 27001, PCI DSS, HIPAA).
  • Evaluate risks associated with vendors, suppliers, and external partners, supporting third-party risk management.
  • Review the scope and frequency of vulnerability scans and assess the effectiveness of patches and threat detection tools.
  • Test and review incident response plans to ensure the organization can effectively recover from potential breaches.
  • Document findings and prepare comprehensive reports detailing vulnerabilities, risk assessments, and recommended remedial actions for senior management or external regulators.
  • Collaborate with IT, compliance, and business units to address findings and implement mitigation strategies.
  • Assist in developing and refining internal cybersecurity policies, procedures, and risk assessment methodologies.
  • Stay current with emerging cybersecurity threats, trends, and best practices to inform risk assessment processes.

Qualifications:

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field, preferred
  • 8 - 10 years of experience in cybersecurity auditing, risk assessment, IT security, or risk management; examiner roles in regulated industries may require 5+ years.
  • Professional certifications such as CISA, CISSP, CISM, or CRISC preferred.
  • Strong understanding of risk assessment methodologies and security frameworks (e.g., NIST SP 800-30, ISO 27001, CIS20, GDPR).
  • Experience with vulnerability assessment tools and techniques.
  • Deep technical expertise in network communication, operating systems, security controls, and ethical hacking.
  • Excellent analytical, organizational, and communication skills.
  • Ability to work independently and collaboratively in a fast-paced environment.

Keys to Success in this Role:

  • Demonstrate a strong understanding of Third-Party Risk Governance and adapt to evolving organizational needs.
  • Apply analytical rigor to identify, assess, and mitigate information security risks.
  • Communicate findings and recommendations clearly to senior management and external regulators.
  • Collaborate effectively across IT, compliance, and business units to drive security improvements.
  • Maintain up-to-date knowledge of cybersecurity threats, regulatory requirements, and industry best practices.
  • Exhibit initiative, attention to detail, and the ability to manage multiple priorities efficiently.

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

Time-type: Full time

FLSA Status: Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

This position has an annualized market-based salary range of $134,000 - $200,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.