Senior Director of Security Configuration Management & Cyber Governance

Job Description

Company: Fannie Mae

Location: Reston, US

Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to homeownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.

In this compelling leadership position, you will plan and direct a function and team responsible for designing, developing, testing, or maintaining hardware, technology, or processes, and ensure the coordination of business unit operational activities. The Senior Director of Security Configuration Management & Cyber Governance is a strategic cybersecurity leader responsible for establishing, governing, and continuously improving enterprise-wide security configuration management, cyber governance, compliance, and risk oversight programs. This role ensures the organization’s technology assets, platforms, and services are securely configured, governed according to industry best practices, and aligned with regulatory, business, and risk management objectives.

The Senior Director will lead multidisciplinary teams responsible for security baselines, configuration standards, governance frameworks, policy management, compliance oversight, control effectiveness, and cyber risk reporting. This leader serves as a trusted advisor to executive leadership, technology organizations, audit partners, regulators, and business stakeholders to strengthen the organization’s cybersecurity posture while enabling business transformation and innovation.

Key Responsibilities

Strategic Information Security Leadership & Governance

• Develop and execute the enterprise strategy for security configuration management and cyber governance.

• Provide executive-level reporting on cyber risk, control effectiveness, compliance posture, and configuration management maturity aligned with risk appetite.

• Partner with business, technology, risk, legal, compliance, and audit stakeholders to ensure consistent governance practices across the Information Security organization.

• Drive continuous improvement initiatives that enhance operational resilience, security effectiveness, and regulatory readiness.

• Monitor emerging cyber threats, vulnerabilities, and industry trends to proactively address risks.

Security Configuration Management

• Establish enterprise security configuration standards, baselines, and hardening requirements across Cloud, SaaS and On-Prem software services.

• Ensure secure configuration controls are integrated into system development, deployment, and operational processes.

• Oversee configuration compliance monitoring, risk prioritization, remediation governance and executive reporting.

• Lead initiatives to automate configuration management, compliance validation, and security configuration enforcement.

• Define key performance indicators (KPIs), key risk indicators (KRIs), and metrics to measure security configuration compliance and risk reduction outcomes.

• Ensure alignment with industry frameworks such as NIST, CIS Benchmarks and relevant regulatory requirements.

• Drive continuous improvement of configuration compliance and security control effectiveness.

• Ensure timely remediation of security misconfigurations across the enterprise.

• Lead security configuration management assessments and audits conducted by internal audit, regulators, and external parties. Ensure effective remediation of audit findings and regulatory observations.

Cyber Governance

• Lead cyber assurance governance program, partnering with Information Security Standard owners to define key requirements and monitors

• Lead development of governance dashboards, scorecards, and metrics that provide transparency into control performance, compliance posture, risk trends, and remediation progress.

• Present cybersecurity risks, trends, and remediation status to executive leadership, risk committees, and governance forums.

• Monitor emerging cybersecurity threats, regulatory developments, and industry trends to proactively evolve governance practices.

• Ensure alignment with enterprise risk management frameworks and regulatory expectations.

Leadership & People Management

• Build, lead, mentor, and develop high-performing teams focused on security governance, security configuration management, and cyber risk oversight.

• Foster a culture of accountability, innovation, collaboration, and continuous learning.

• Establish clear goals, performance expectations, and development plans for leaders and team members.

• Drive workforce planning, succession planning, talent acquisition, and leadership development initiatives.

• Manage budgets, vendor relationships, and strategic initiatives.

• Influence and inspire cross-functional teams without direct authority to achieve strategic cybersecurity objectives.

• Promote strong partnerships across technology, security operations, engineering, architecture, risk, compliance, and business functions.

• Serve as a key cybersecurity representative to executive leadership committees and governance forums.

• Communicate complex technical and risk topics in clear business terms appropriate for executive and board-level audiences.

• Build strong relationships with regulators, auditors, industry peers, and external partners.

• Influence strategic technology decisions through cybersecurity governance and risk management expertise.

Minimum Required Experiences

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related field.

• 8 years of progressive experience in cybersecurity, information security, risk management, governance, or technology leadership roles.

• 8+ years of leadership experience managing large teams and senior-level managers.

• Demonstrated experience leading enterprise-scale security configuration management, cyber governance, risk, compliance, or security engineering programs.

• Deep understanding of cybersecurity frameworks, standards, and regulations including NIST CSF, NIST 800-53, CIS Controls, ISO 27001, COBIT, and relevant regulatory requirements.

• Deep knowledge of cloud security, infrastructure security, endpoint security, security configuration management, and security operations.

• Experience presenting cybersecurity strategies, risks, and performance metrics to executive leadership and executive committees.

• Proven ability to lead organizational change and drive adoption of enterprise security initiatives.

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Systems, Risk Management, or related field.

• Strong understanding of regulatory requirements applicable to financial services or highly regulated industries.

• Shows curiosity and adaptability in learning and responsibly applying new technologies, including artificial intelligence, to reimagine how we work.

Desired Experiences

• Master’s degree in Cybersecurity, Information Security, Business Administration, or related discipline.

• Industry certifications such as CISSP, CISM, CRISC, CGEIT, CISA, or equivalent.

• Experience within highly regulated industries such as financial services, government, healthcare, or critical infrastructure.

• Experience implementing governance and security configurations and controls across hybrid cloud and modern technology environments.

• Knowledge of DevSecOps, Infrastructure as Code (IaC), automated compliance monitoring, and security orchestration technologies.

Leadership Competencies

• Strategic Thinking and Vision

• Executive Presence and Influence

• Risk-Based Decision Making

• Talent Development and Coaching

• Organizational Leadership

• Change Management

• Cross-Functional Collaboration

• Operational Excellence

• Accountability and Results Orientation

Qualifications
Active Directory (AD), Amazon Web Services (AWS), Artificial Intelligence (AI), Atlassian JIRA, Authentication Management, Backup and Recovery (Software), Business Insight Skills, Business Process Management Skills, Calendar and Scheduling Tools, Cleaning and Transforming Data, Cloud Technology, Collaborating Cross-Functionally, Communicating in Technical Writing, Communicating Technical Information, Communication, Configuration Management (CM), Conflict Resolution, Coordination, Customer and Market Insights, Customer Relationship Management (CRM), CyberArk, Cybersecurity Analysis, Data Analysis, Data Analysis Interpretation
Education:
Bachelor’s Level Degree (Required), Master’s Level Degree
The future is what you make it to be. Discover compelling opportunities at Fanniemae.com/careers.

For most roles, employees are expected to work onsite on a regular basis at their designated office location. In-office work cadence is determined by your manager. Proximity within a reasonable commute to your designated office location is preferred unless the job is noted as open to remote.

Fannie Mae is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity/gender expression, marital or parental status, or any other protected factor. Fannie Mae is committed to providing reasonable accommodations to qualified individuals with disabilities who are employees or applicants for employment, unless to do so would cause undue hardship to the company. If you need assistance using our online system and/or you need a reasonable accommodation related to the hiring/application process, please complete this form.

The hiring range for this role is set forth below. Final salaries will generally vary within that range based on factors that include but are not limited to, skill set, depth of experience, certifications, and other relevant qualifications. This position is eligible to participate in a Fannie Mae incentive program (subject to the terms of the program). As part of our comprehensive benefits package, Fannie Mae offers a broad range of Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee’s physical, mental, emotional, and financial well-being. See more here.

Requisition compensation: 226000 to 306000

Source: ZipRecruiter