Job Title: Vendor Risk Assessor Senior

Reston, Virginia
Required skills:
  • Strong and deep information security risk identification (includes Cloud services), assessment, and risk ranking experience
  • Basic understanding of the risk management concepts of Inherent and Residual risk
  • Working experience with the following documents used in a risk assessment:
-SIG (Standardized Information Gathering) questionnaire
-Penetration test
-Vulnerability test
-SOC (Service Organization Control) 1 and 2, Type 2
*Most of Freddie Mac’s vendor risk assessments are done remotely (request vendor documents) versus going to the vendor’s site*
  • Experience with the following standards:
-ISO 27001 and 27002
-NIST relevant to information technology/security
-Cloud Security Alliance control matrix
-Shared Assessments SCA (will provide acronym terms) control assessment guidelines
  • Experience in assessing the following risks:
-Privacy of information
-Information technology disaster recovery
-4th party (a.k.a. subcontractor)
-Critical services
  • Articulate in verbal and written communication
  • Ability to convey technical concepts in “layman” terms
  • Confident in making independent decisions
  • Willingness and desire to accept other viewpoints
  • Collaborate with other individuals to complete a common goal
Nice to have:
  • Financial services third-party risk management experience
  • Familiar with the Office of the Comptroller’s 2013 Third-party risk management lifecycle guidance