Senior Director of Security Configuration Management & Cyber Governance
Fannie Mae · Reston, VA · 2 wk ago
Information TechnologyFull-time
Key Responsibilities
- Develop and execute the enterprise strategy for security configuration management and cyber governance.
- Provide executive-level reporting on cyber risk, control effectiveness, compliance posture, and configuration management maturity aligned with risk appetite.
- Partner with business, technology, risk, legal, compliance, and audit stakeholders to ensure consistent governance practices across the Information Security organization.
- Drive continuous improvement initiatives that enhance operational resilience, security effectiveness, and regulatory readiness.
- Monitor emerging cyber threats, vulnerabilities, and industry trends to proactively address risks.
Security Configuration Management
- Establish enterprise security configuration standards, baselines, and hardening requirements across Cloud, SaaS and On Prem software services.
- Ensure secure configuration controls are integrated into system development, deployment, and operational processes.
- Oversee configuration compliance monitoring, risk prioritization, remediation governance and executive reporting.
- Lead initiatives to automate configuration management, compliance validation, and security configuration enforcement.
- Define key performance indicators (KPIs), key risk indicators (KRIs), and metrics to measure security configuration compliance and risk reduction outcomes.
- Ensure alignment with industry frameworks such as NIST, CIS Benchmarks and relevant regulatory requirements.
- Drive continuous improvement of configuration compliance, and security control effectiveness.
- Ensure timely remediation of security misconfigurations across the enterprise.
- Lead security configuration management assessments and audits conducted by internal audit, regulators, and external parties.
- Ensure effective remediation of audit findings and regulatory observations.
Cyber Governance
- Lead cyber assurance governance program, partnering with Information Security Standard owners to define key requirements and monitors.
- Develop governance dashboards, scorecards, and metrics that provide transparency into control performance, compliance posture, risk trends, and remediation progress.
- Present cybersecurity risks, trends, and remediation status to executive leadership, risk committees, and governance forums.
- Monitor emerging cybersecurity threats, regulatory developments, and industry trends to proactively evolve governance practices.
- Ensure alignment with enterprise risk management frameworks and regulatory expectations.
Leadership & People Management
- Build, lead, mentor, and develop high-performing teams focused on security governance, security configuration management, and cyber risk oversight.
- Foster a culture of accountability, innovation, collaboration, and continuous learning.
- Establish clear goals, performance expectations, and development plans for leaders and team members.
- Drive workforce planning, succession planning, talent acquisition, and leadership development initiatives.
- Manage budgets, vendor relationships, and strategic initiatives.
- Influence and inspire cross-functional teams without direct authority to achieve strategic cybersecurity objectives.
- Serve as a key cybersecurity representative to executive leadership committees and governance forums.
- Communicate complex technical and risk topics in clear business terms appropriate for executive and board-level audiences.
- Build strong relationships with regulators, auditors, industry peers, and external partners.
- Influence strategic technology decisions through cybersecurity governance and risk management expertise.