Third-Party Cybersecurity Risk Assessment Examiner

Freddie Mac
$134,000 - $200,000

About The Position

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview: Freddie Mac is seeking an experienced Cybersecurity Risk Assessment Examiner to join the Seller/Servicer Information Security Oversight Team within Third-Party Risk Management. In this role, you will oversee and assess the information security risk management practices of sellers and servicers, ensuring their compliance with Freddie Mac’s standards and relevant regulatory requirements. You will evaluate third-party cybersecurity controls and policies, identify vulnerabilities, and analyze their impact on Freddie Mac’s operations. Leveraging frameworks such as NIST CSF, you will conduct risk assessments, prepare actionable reports, monitor remediation efforts, and collaborate with internal teams to strengthen Freddie Mac’s digital security posture.

Our Impact: The Seller/Servicer Information Security Oversight Team plays a critical role in safeguarding Freddie Mac’s data and digital assets. By ensuring that seller and servicer partners adhere to strict information security standards outlined in the Freddie Mac Guide, our team actively monitors, identifies, detects, and responds to cyber threats. We conduct regular vulnerability scans, implement robust risk mitigation strategies, and continuously refine our processes to protect Freddie Mac’s operations and reputation.

Your Impact: As a Cybersecurity Risk Assessment Examiner, you will:

  • Identify and analyze potential cybersecurity risks impacting Freddie Mac’s digital assets and business operations.
  • Conduct thorough risk assessments and audits of third-party information systems, networks, and processes.
  • Assess the effectiveness of technical, physical, and administrative security controls, ensuring alignment with industry standards.
  • Review institutional policies and procedures for compliance with laws, regulations, and frameworks (e.g., FFIEC, NIST, ISO 27001, PCI DSS, HIPAA).
  • Evaluate risks associated with vendors, suppliers, and external partners, supporting third-party risk management.
  • Review the scope and frequency of vulnerability scans and assess the effectiveness of patches and threat detection tools.
  • Test and review incident response plans to ensure the organization can effectively recover from potential breaches.
  • Document findings and prepare comprehensive reports detailing vulnerabilities, risk assessments, and recommended remedial actions for senior management or external regulators.
  • Collaborate with IT, compliance, and business units to address findings and implement mitigation strategies.
  • Assist in developing and refining internal cybersecurity policies, procedures, and risk assessment methodologies.
  • Stay current with emerging cybersecurity threats, trends, and best practices to inform risk assessment processes.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field, preferred
  • 8 - 10 years of experience in cybersecurity auditing, risk assessment, IT security, or risk management; examiner roles in regulated industries may require 5+ years.
  • Strong understanding of risk assessment methodologies and security frameworks (e.g., NIST SP 800-30, ISO 27001, CIS20, GDPR).
  • Experience with vulnerability assessment tools and techniques.
  • Deep technical expertise in network communication, operating systems, security controls, and ethical hacking.
  • Excellent analytical, organizational, and communication skills.
  • Ability to work independently and collaboratively in a fast-paced environment.

Nice To Haves

  • Professional certifications such as CISA, CISSP, CISM, or CRISC preferred.
  • Demonstrate a strong understanding of Third-Party Risk Governance and adapt to evolving organizational needs.
  • Apply analytical rigor to identify, assess, and mitigate information security risks.
  • Communicate findings and recommendations clearly to senior management and external regulators.
  • Collaborate effectively across IT, compliance, and business units to drive security improvements.
  • Maintain up-to-date knowledge of cybersecurity threats, regulatory requirements, and industry best practices.
  • Exhibit initiative, attention to detail, and the ability to manage multiple priorities efficiently.

Responsibilities

  • Identify and analyze potential cybersecurity risks impacting Freddie Mac’s digital assets and business operations.
  • Conduct thorough risk assessments and audits of third-party information systems, networks, and processes.
  • Assess the effectiveness of technical, physical, and administrative security controls, ensuring alignment with industry standards.
  • Review institutional policies and procedures for compliance with laws, regulations, and frameworks (e.g., FFIEC, NIST, ISO 27001, PCI DSS, HIPAA).
  • Evaluate risks associated with vendors, suppliers, and external partners, supporting third-party risk management.
  • Review the scope and frequency of vulnerability scans and assess the effectiveness of patches and threat detection tools.
  • Test and review incident response plans to ensure the organization can effectively recover from potential breaches.
  • Document findings and prepare comprehensive reports detailing vulnerabilities, risk assessments, and recommended remedial actions for senior management or external regulators.
  • Collaborate with IT, compliance, and business units to address findings and implement mitigation strategies.
  • Assist in developing and refining internal cybersecurity policies, procedures, and risk assessment methodologies.
  • Stay current with emerging cybersecurity threats, trends, and best practices to inform risk assessment processes.

Benefits

  • Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs.
  • Information on these benefit programs is available on our Careers site.
  • This position has an annualized market-based salary range of $134,000 - $200,000 and is eligible to participate in the annual incentive program.