Job Description
Company: Fannie
Location: Washington, US
Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to homeownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.
Job Description
Fannie Mae is seeking a hands-on, highly experienced and forward-leaning Senior Vice President, Counterparty Chief Information Security Officer (CCISO) to serve as a strategic cybersecurity leader across our external ecosystem, including lenders, servicers, vendors and interactions of the executive leadership team. This role will shape a firmwide approach to counterparty cybersecurity and act as the primary cybersecurity authority interfacing with counterparties, ensuring that cyber risk, resilience, and connectivity standards are understood, adopted, and continuously improved. The CCISO will combine deep technical expertise (including ethical hacking and adversarial thinking) with executive presence and relational leadership to influence, challenge, and elevate cybersecurity practices across our network of partners.
Key Responsibilities:
External Cybersecurity Leadership
• Serve as the senior-most cybersecurity advisor to Fannie Mae counterparties, including lenders, servicers, vendors, and partners
• Lead strategic dialogues on counterparty cyber risk, resilience, and secure connectivity expectations and emerging cyber threats
• Works with CISO to represent Fannie Mae in high-stakes cyber discussions, including incident response coordination with counterparties
Adversarial & Technical Expertise
• Apply ethical hacking and red-team mindset to educate counterparties on how to proactively identify vulnerabilities
• Explore the potential for joint security exercises with most critical counterparties
• Translate advanced threat intelligence (e.g., ransomware, email scan) into actionable guidance for counterparties to mitigate cyber and fraud risks
• Provide non-liability consulting and challenge counterparties’ security postures with credibility rooted in hands-on technical depth
• Advise and connect counterparties to leading cybersecurity tools, intelligence-sharing forums, and industry resources to improve threat preparedness and defensive posture
Standards, Policy & Compliance
• Establish a firmwide approach to counterparty cybersecurity practices that minimizes exposure to unacceptable cybersecurity, data protection, fraud, operational, or systemic risk.
• Works with CISO to shape and evolve cybersecurity expectations within the Selling & Servicing Guide, particularly around data protection, resilience and third-party risk
• Drive adoption of secure connectivity standards, controls, and best practices with counterparties
• Work with Third Party Risk Management to enforce compliance where necessary
• Partner internally to align counterparty requirements with enterprise cyber strategy and regulatory expectations
Ecosystem Risk Management
• Identify systemic cyber risks across counterparties and develop mitigation strategies
• Establish scalable approaches to assess, monitor, and improve counterparty cyber maturity
• Partner across business units to identify critical counterparties, emerging threats, control gaps, and material cyber risk exposures.
• Support coordinated response efforts in the event of ecosystem-wide or partner-driven cyber incidents led by CISO and Resiliency & Crisis Management
• Partner directly with executives in the organization to ensure that personal cybersecurity practices are protective in our high-visibility environment
• Develop frameworks, metrics, guidance, and executive reporting that enable consistent counterparty cyber risk management
Relationship & Influence
• Build trusted, executive-level relationships with CISOs and security leaders across counterparties
• Advise Business Leadership on counterparty cyber risk appetite and governance expectations. Engage early on business initiatives resulting in new counterparties to ensure expectations are communicated and implemented effectively
• Partner with legal, compliance, risk and other internal leadership as part of the Fannie Mae Risk ecosystem
• Act as a credible challenger and advisor, balancing partnership with accountability
• Influence industry practices through thought leadership and collaboration, including fostering ongoing threat and vulnerability information‑sharing across the broader counterparty ecosystem
• Translate complex counterparty cyber risks into clear business impacts for senior management, risk committees, a
Source: BeBee