VM Governance Analyst

Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to home ownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.

Job Description

THE IMPACT YOU WILL MAKE

The VM Governance Analyst role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

* Apply risk and controls frameworks to support vulnerability governance and oversight

* Ensure compliance with established risk frameworks, control requirements, and internal policy standards

* Assist in governance activities, risk assessments, and reporting processes

* Maintain vulnerability management standard, procedures, and guidelines

* Document and update process flows and workflow diagrams

* Support control effectiveness monitoring related to vulnerability remediation

* Gather, validate, and analyze vulnerability data for governance and leadership reporting

* Track remediation progress and SLA adherence across technology domains

* Identify vulnerabilities requiring risk escalation and exception review

* Prepare and present PowerPoint presentations for leadership, governance working groups and audit reviews

* Maintain documentation for risk acceptance, control validation, audit and regulatory reviews

* Produce recurring operational and executive-level metrics and dashboards

* Identify trends, systemic risks, and opportunities for process improvement

Minimum Required Experiences:

* 2 years experience

* Understanding of cybersecurity vulnerabilities and remediation life cycles

* Strong understanding of risk frameworks (e.g. NIST)

* Working knowledge and acknowledgement of controls frameworks (e.g. NIST, ISO
27001, COBIT)

* Ability to support structured risk assessments (likelihood, impact, residual risk)

* Ability to ensure compliance with risk frameworks, control requirements, and standards

* Advanced Microsoft Excel skills (pivot tables, VLOOKUP, data cleansing, trend analysis)

* Strong PowerPoint presentation skills for leadership-level reporting

* Experience translating technical vulnerability data, analyzing large datasets and identify actionable risk-focused insights

* Strong technical writing skills with ability to draft standards, procedures, guidelines, and process documentation

* Ability to document and visualize process flows and governance workflows

* Shows curiosity and adaptability in learning and responsibly applying new technologies, including artificial intelligence, to reimagine how we work.

Desired Experiences:

* Bachelor degree or equivalent

* 5+ of experience in cybersecurity, vulnerability management, IT risk, audit, compliance, or governance-related roles

* Experience supporting vulnerability reporting, risk assessments, governance processes, drafting standards and procedures, or compliance activities preferred

* Experience working with metrics, dashboards, or executive-level reporting in an enterprise or regulated environment preferred

* Vulnerability governance and oversight experience

* Application of risk and controls frameworks

* Risk assessment support and risk documentation

* Governance reporting and compliance monitoring

* Process flow documentation and workflow mapping

* Risk-based escalation and exception tracking

* Metrics development and KRI tracking

* Dashboard development and data visualization

* Executive- level communication and presentation

Certifications:

* CISA (Certified Information Systems Auditor) - preferred

* CRISC (Certified in Risk and Information Systems Control) - preferred

* Security + or equivalent foundational security certification - a plus

Competencies:

* Risk-based thinking and analysis

* Governance and oversight mindset

* Framework-driven decision making

* Analytical and quantitative reasoning

* Process orientati9on and workflow design capabilities

* Attention to detail and data integrity

* Professional judgment and escalation discipline

* Stakeholder communication and influence

* Ability to manage multiple reporting cycles and deadlines

Target Pay Range: $ - $ a year

Internal

Job Title:

Vulnerability Management - Technology Assessment - Senior Associate

#LI-JM1 #LI-Hybrid

Qualifications

Education:

Bachelor's Level Degree (Required)

The future is what you make it to be. Discover compelling opportunities at

For most roles, employees are expected to work onsite on a regular basis at their designated office location. In-office work cadence is determined by your manager. Proximity within a reasonable commute to your designated office location is preferred unless the job is noted as open to remote.

Fannie Mae is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity/gender expression, marital or parental status, or any other protected…