THE IMPACT YOU WILL MAKEThe VP, Information Security - Technology Management will set the strategic direction for the cybersecurity and information security architecture for cloud, on-prem and hybrid environments. Part of this leader’s remit will be to develop the cybersecurity architecture, build our technology target state and roadmaps, and support the build-out of related technologies. This VP will ensure cybersecurity technologies remain viable, scalable, and aligned to business needs. Finally, s/he will drive process optimization and efficiency through automation, technology enhancements, and structured continuous improvement plans.The VP, Information Security - Technology Management role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:Develop the cybersecurity architecture while ensuring alignment with broader functional and corporate strategies, including a specific focus on the following:Enterprise Cyber Security Cloud Architecture. Lead the development and implementation of strategies for maturing the enterprise cyber security posture to meet or exceed industry standards in a complex, on-prem/multi-cloud environment undergoing digital transformation.Defining and driving implementation of the Fannie Mae Cyber Security Strategy in alignment with the Fannie Business and Enterprise Risk Management strategies.Driving adoption of cyber security best practices for emerging technology areas including multi-cloud, ML, AI, etc.Evaluate emerging cyber security solutions and incorporate into Cyber Security Enterprise-wide architecture (e.g., SOAR, AI, ML, etc.)Cyber Security Enterprise-Wide Architecture. Drive the standardization and guiding principles for overlaying security architecture patterns over enterprise architecture to enable technical & process controls for risk management.Developing technical strategies and multi-year roadmaps spanning across all InfoSec domains with clearly defined capabilities that enable Fannie Mae business goals and objectives.Establishing detailed InfoSec technical integration/API architecture for the integration of security tools to support security controls automation and automated remediation.Identifying and establishing tools selections criteria based on current and evolving business needs.InfoSec Product/Portfolio Lead. Lead the prioritization, strategy, and development of cyber services for enterprise, as well as developing cyber security product portfolio strategy to enable rationalization through accountability & traceability between security objectives and security services delivery.Cloud Security Standards and Policies. Drive the technical security standards of virtualization, cloud infrastructure, and public cloud offerings and designing security configuration and controls within cloud-based solutions for IaaS, PaaS, SaaS, and hybrid solutions.Information Security Standards and Frameworks. Drive security controls, tools, processes and risk management alignment with common information security standards such as: NIST CSF, SOX, SOC2, FEDRAMP, and CIS Controls.Infrastructure Security Architecture. Lead integration architecture and security requirements of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions.Application Security Architecture. Lead the design of security controls for business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging.Agile and DevOps Methodologies. Be a contributing member of a balanced team within an Agile development or DevOps environment. Focus on security-as-code and continuous compliance practices.Lead the cybersecurity technology transformation to cloud and ensure the ongoing relevance, viability and scalability of cybersecurity applications and systems.  Provide leadership and direction in the innovation of bleeding edge cybersecurity technologies.
