Jobs · Information Technology · Virginia

Senior Director of Security Configuration Management & Cyber Governance

Fannie Mae · Reston, VA · 2 wk ago
Information TechnologyFull-time

Key Responsibilities

  • Develop and execute the enterprise strategy for security configuration management and cyber governance.
  • Provide executive-level reporting on cyber risk, control effectiveness, compliance posture, and configuration management maturity aligned with risk appetite.
  • Partner with business, technology, risk, legal, compliance, and audit stakeholders to ensure consistent governance practices across the Information Security organization.
  • Drive continuous improvement initiatives that enhance operational resilience, security effectiveness, and regulatory readiness.
  • Monitor emerging cyber threats, vulnerabilities, and industry trends to proactively address risks.

Security Configuration Management

  • Establish enterprise security configuration standards, baselines, and hardening requirements across Cloud, SaaS and On Prem software services.
  • Ensure secure configuration controls are integrated into system development, deployment, and operational processes.
  • Oversee configuration compliance monitoring, risk prioritization, remediation governance and executive reporting.
  • Lead initiatives to automate configuration management, compliance validation, and security configuration enforcement.
  • Define key performance indicators (KPIs), key risk indicators (KRIs), and metrics to measure security configuration compliance and risk reduction outcomes.
  • Ensure alignment with industry frameworks such as NIST, CIS Benchmarks and relevant regulatory requirements.
  • Drive continuous improvement of configuration compliance, and security control effectiveness.
  • Ensure timely remediation of security misconfigurations across the enterprise.
  • Lead security configuration management assessments and audits conducted by internal audit, regulators, and external parties.
  • Ensure effective remediation of audit findings and regulatory observations.

Cyber Governance

  • Lead cyber assurance governance program, partnering with Information Security Standard owners to define key requirements and monitors.
  • Develop governance dashboards, scorecards, and metrics that provide transparency into control performance, compliance posture, risk trends, and remediation progress.
  • Present cybersecurity risks, trends, and remediation status to executive leadership, risk committees, and governance forums.
  • Monitor emerging cybersecurity threats, regulatory developments, and industry trends to proactively evolve governance practices.
  • Ensure alignment with enterprise risk management frameworks and regulatory expectations.

Leadership & People Management

  • Build, lead, mentor, and develop high-performing teams focused on security governance, security configuration management, and cyber risk oversight.
  • Foster a culture of accountability, innovation, collaboration, and continuous learning.
  • Establish clear goals, performance expectations, and development plans for leaders and team members.
  • Drive workforce planning, succession planning, talent acquisition, and leadership development initiatives.
  • Manage budgets, vendor relationships, and strategic initiatives.
  • Influence and inspire cross-functional teams without direct authority to achieve strategic cybersecurity objectives.
  • Serve as a key cybersecurity representative to executive leadership committees and governance forums.
  • Communicate complex technical and risk topics in clear business terms appropriate for executive and board-level audiences.
  • Build strong relationships with regulators, auditors, industry peers, and external partners.
  • Influence strategic technology decisions through cybersecurity governance and risk management expertise.

Similar jobs