Manager, Security Assurance

Common Securitization Solutions - Bethesda, MD

Information Security is seeking a Security Assurance Manager to help manage and oversee information security technology and controls based risks. The successful candidate will be responsible for identifying, prioritizing, monitoring, and reporting information security technology risks and controls to include performing risk and controls assessments.

Individual will be working in a high-performing technical environment and will work closely with the business and technology teams to develop a strong understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. The ideal candidate will be an information security specialist with strong business acumen who can bridge the gap between business and technology and can understand operational impact. A well-qualified candidate will be comfortable working with executive and technical leadership around the company to embed a security-focused mindset in all areas.

The position provides an opportunity to participate in an energetic and fast-paced environment using the latest in technology and tools to build and secure an advanced financial services processing platform running in a virtual cloud-based data center. This position will report to the CSS Information Security Risk and Corporate Security Manager.

Key Job Functions

Develop an employee-oriented company culture that emphasizes quality, continuous improvement, key employee retention and development, and high performance by coaching, mentoring and developing staff.
Act as a trusted advisor and partner in risk-based decision making with Business, IT and Information security stakeholders in CSS and in our client investor organizations (Fannie Mae and Freddie Mac).
Understand and articulate risks associated with technology processes and IT general controls and identify process and control gaps proactively.
Liaise across relevant business, technology, and control functions to prioritize risks, challenge technology risk decisions, assumptions and tolerances, and drive appropriate risk response.
Provide support for the various internal and external audits that affect Information Security to ensure timely response.
Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner.
Perform 1st Line testing activities within Information Security to validate the effectiveness, design, and implementation of controls, working with control owners to identify compensating controls and to document mitigation and remediation plans.
Perform Controls Lifecycle Management to include conducting of controls reviews and system security plan updates and maintenance.
Perform POA&M oversight and Audit Remediation initiatives across the infrastructure and information systems to satisfy compliance requirements and manage risks to an acceptable level.
Assist with the development and validation of remediation plans for technology deficiencies by providing effective challenge.
Monitor internal and external business, regulatory and technology environment to identify new or emerging risks and verify remediation of issues.
Define and execute Third Party / Vendor Information Security Risk Assessment programs.
Coordinate with enterprise risk management function for appropriate impact analysis.



Bachelor's Degree in Information Systems or related field or an equivalent combination of education and experience

Minimum Experience

Minimum of 8 years related work experience in Information Technology
Minimum 3 years in a people management role
Industry Certification required, e.g. CISSP, CISA, CISM or equivalent designation
Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.

Specialized Knowledge & Skills

Active in the information security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies
Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals.
Experience working with Risk, Security or Audit frameworks (i.e., COBIT, COSO, ISO 27001/2, NIST 800-53, AICPA, BITS).
Serve as subject matter expert for InfoSec and IT Security related topics with experience in technical control testing aligned to NIST 800-53, FISMA, and SOC.
Strong understanding of technology processes, risks and issues including infrastructure, information security, SDLC and Service Management (knowledge within cloud computing is preferred).
Possesses strong analytical skills capable of identifying, evaluating and mitigating significant risks within an enterprise.
Demonstrated experience using and managing Risk Management tools is required.
Strong working experience with Microsoft Office Suite and GRC tools.
Secondary mortgage market or equivalent financial services experience is an advantage.
Ability to document and explain risks and vulnerabilities to both business and technical stakeholders.
Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
Strong oral and written communication skills and ability to work well with others in a collaborative, complex and fast-paced environment.


As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.

Common Securitization Solutions is an Equal Opportunity Employer.