×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security

VM Governance Analyst

Job in Reston, Fairfax County, Virginia, 22090, USA
Listing for: Fannie Mae
Full Time position
Listed on 2026-06-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 109000 - 142000 USD Yearly USD 109000.00 142000.00 YEAR
Job Description & How to Apply Below
Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to home ownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.

Job Description

THE IMPACT YOU WILL MAKEThe VM Governance Analyst role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

Apply risk and controls frameworks to support vulnerability governance and oversight

Ensure compliance with established risk frameworks, control requirements, and internal policy standards

Assist in governance activities, risk assessments, and reporting processes

Maintain vulnerability management standard, procedures, and guidelines

Document and update process flows and workflow diagrams

Support control effectiveness monitoring related to vulnerability remediation

Gather, validate, and analyze vulnerability data for governance and leadership reporting

Track remediation progress and SLA adherence across technology domains

Identify vulnerabilities requiring risk escalation and exception review

Prepare and present PowerPoint presentations for leadership, governance working groups and audit reviews

Maintain documentation for risk acceptance, control validation, audit and regulatory reviews

Produce recurring operational and executive-level metrics and dashboards

Identify trends, systemic risks, and opportunities for process improvement

Minimum Required Experiences:2 years experience

Understanding of cybersecurity vulnerabilities and remediation life cycles

Strong understanding of risk frameworks (e.g. NIST)
Working knowledge and acknowledgement of controls frameworks (e.g. NIST, ISO
27001, COBIT)
Ability to support structured risk assessments (likelihood, impact, residual risk)
Ability to ensure compliance with risk frameworks, control requirements, and standards

Advanced Microsoft Excel skills (pivot tables, VLOOKUP, data cleansing, trend analysis)
Strong PowerPoint presentation skills for leadership-level reporting

Experience translating technical vulnerability data, analyzing large datasets and identify actionable risk-focused insights

Strong technical writing skills with ability to draft standards, procedures, guidelines, and process documentation

Ability to document and visualize process flows and governance workflows

Shows curiosity and adaptability in learning and responsibly applying new technologies, including artificial intelligence, to reimagine how we work.

Desired Experiences:

Bachelor degree or equivalent5+ of experience in cybersecurity, vulnerability management, IT risk, audit, compliance, or governance-related roles

Experience supporting vulnerability reporting, risk assessments, governance processes, drafting standards and procedures, or compliance activities preferred

Experience working with metrics, dashboards, or executive-level reporting in an enterprise or regulated environment preferred

Vulnerability governance and oversight experience

Application of risk and controls frameworks

Risk assessment support and risk documentation

Governance reporting and compliance monitoring

Process flow documentation and workflow mapping

Risk-based escalation and exception tracking

Metrics development and KRI tracking

Dashboard development and data visualization

Executive- level communication and presentation

Certifications:

CISA (Certified Information Systems Auditor) – preferred

CRISC (Certified in Risk and Information Systems Control) – preferred

Security + or equivalent foundational security certification – a plus

Competencies:

Risk-based thinking and analysis

Governance and oversight mindset

Framework-driven decision making

Analytical and quantitative reasoning

Process orientati9on and workflow design capabilities

Attention to detail and data integrity

Professional judgment and escalation discipline

Stakeholder communication and influence

Ability to manage multiple reporting cycles and deadlines

Target Pay Range: $ - $ a year Internal

Job Title:

Vulnerability Management - Technology Assessment - Senior…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search