Head of Cyber Security Risk - Technology and Operations Risk Management - Senior Director

Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to homeownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.

Job Description

As the Senior Director, Cybersecurity Risk, you will serve as the Head of Cybersecurity Risk, leading the firm's first line cybersecurity risk strategy and governance across the enterprise. You will shape and execute a comprehensive cyber risk management approach that aligns with business objectives, regulatory expectations, and industry standards.

Leveraging deep expertise across cybersecurity risk disciplines, including vulnerability management, identity and access management, data protection, application security, cloud security, cyber assurance, and security operations, you will identify, oversee, and mitigate cyber, compliance, and operational risks in line with firm standards. You will partner closely with internal stakeholders and regulators to maintain a clear, enterprise-wide view of the cyber risk posture and its impact on the business, strengthening resilience in an evolving threat landscape

Position is based out of Plano, TX. Fannie Mae does provide the opportunity for relocation assistance.

The Impact You Will Make

You will shape enterprise cyber risk outcomes, enhance transparency, and serve as a trusted advisor to executive leadership and regulators.

Key Responsibilities

• Develop and execute the enterprise cybersecurity risk management strategy, including supporting policies, processes, and initiatives aligned to firm standards, regulatory requirements, and industry best practices.
• Lead enterprise cyber risk identification, assessment, prioritization, and mitigation, including ownership of the annual top cyber risk assessment and ongoing maturity of risk methodologies.
• Oversee cybersecurity risk governance, reporting, issue management, and control effectiveness, providing clear insights to senior leaders and governance forums.
• Define and standardize governance reporting standards, templates, cadence, and content expectations to ensure consistency, clarity, and comparability of cyber risk reporting.
• Coordinate cyber risk governance alignment across the CISO organization, ORM, IT, audit, and other stakeholders to ensure consistent interpretation and application of risk standards.
• Establish and maintain strong relationships with internal and external stakeholders, including cross-functional leaders, regulators, and auditors.
• Support alignment with applicable regulatory and industry cybersecurity risk management frameworks and expectations (e.g., FHFA, FFIEC, NIST CSF, CRI Profile, or equivalent).
• Support Cyber Risk Institute (CRI) maturity and controls assessments, including coordination with internal stakeholders and external auditors.
• Drive traceability, documentation, and auditability of cyber risk outputs, ensuring evidence and decision logic meet regulatory, internal audit, and examination standards.

• 15+ years of experience in cybersecurity, technology risk, or related risk disciplines.
• Bachelor's degree or equivalent professional experience.
• Demonstrated experience engaging senior executives and regulatory stakeholders.

• Master's degree.
• Professional certifications such as CISSP, CISA, or CRISC.