• Senior Information Security Risk Analyst

    Job Locations US-MD-Bethesda
    Job ID
    # of Openings
    Information Security/Cyber Risk
    Regular Full-Time






    The Company


    Common Securitization Solutions (CSS) is seeking an experienced Senior Information Security Risk Analyst to join our team of talented professionals in Bethesda, Maryland.


    How many times in your career do you get the opportunity to do something that’s never been done? To create something that will change an entire industry? CSS is building the Common Securitization Platform to issue and manage mortgage securities. We’re looking for people who can walk in two worlds – a start-up environment where development is collaborative and rapid; and a production environment where we run and monitor the performance of the platform. Longer-term, this platform could serve the entire US housing finance industry. Sound transformative? It is. Come join us and help create something remarkable.



    Job Information

    CSS is expanding its information security function and is seeking an experienced and knowledgeable senior risk analyst to execute critical aspects of the CSS Information Security Risk Management function. This individual will be working in a high-performing technical environment. This individual will also work closely with the business and technology teams to develop a strong understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. The ideal candidate will be a technical security specialist with strong business acumen who can bridge the gap between business and technology and can understand operational impact. A well-qualified candidate will be comfortable working with executive and technical leadership around the company to embed a security-focused mindset in all areas. 

    The position provides an opportunity to participate in an energetic and fast-paced environment using the latest in technology and tools to build and secure an advanced financial services processing platform running in a virtual cloud-based datacenter. This position will report to the CSS Information Security Risk Management Lead.

    Key Job Functions


    • Act as a trusted advisor and partner in risk-based decision making with Business, IT, and Information security stakeholders in CSS and in our client investor organizations (Fannie Mae and Freddie Mac)
    • Execute technical risk assessments, advise business and IT leaders on risk of initiatives
    • Define and execute Third Party / Vendor Information Security Risk Assessment programs
    • Perform POA&M oversight and Audit Remediation initiatives across the infrastructure and information systems to satisfy compliance requirements and manage risks to an acceptable level by building relationships and working directly with system and business process
    • Coordinate with enterprise risk management function for appropriate impact analysis
    • Analyze organizational information security policy needs based on stakeholder interactions, develop and publish policy, standards, security handbook, and procedures for implementation ensuring alignment with NIST 800-53 Rev 4




    • Bachelor's degree in Computer Science, Information Systems, or a related technical field.


    Minimum Experience  

    •  Minimum 6 years of experience
    • Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.


    Specialized Knowledge & Skills     

    • Extensive experience and expertise in security policy creation and lifecycle management, auditing methodology, and technology risk assessments
    • Experience with technical control testing aligned with NIST 800-53 and/or FISMA
    • Experience with web application assessment, network penetration testing, and vulnerability research
    • Candidate should have a working knowledge of common OS and domain structures, servers, services, and associated vulnerabilities
    • Candidate should have experience with Windows, Linux, Red Hat, and other hosts, operating systems, and applications
    • Candidate should have a working knowledge of network engineering and local and wide area (LAN/WAN) technologies and topologies
    • Knowledge of cloud deployments and associated risk considerations is highly desirable
    • Ability to document and explain risks and vulnerabilities to both business and technical stakeholders
    • Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-53, FISMA, BITS etc.)
    • Experience deploying GRC solutions and leveraging them for policies, standards, and risk and vulnerability tracking with asset management integration, etc.
    • Experience building and running a cyber security training and awareness program
    • Excellent interpersonal skills, presentation skills, and verbal / written communication skills
    • Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
    • Ability to manage multiple priorities – projects, deliverables, and stakeholders 
    • Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
    • Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies
    • Industry Certification required, e.g. CISSP, CISA, CISM or equivalent designation
    • Demonstrated experience using and managing Risk Management tools is required 
    • Secondary mortgage market or equivalent financial services experience is an advantage


    As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.   


    Common Securitization Solutions is an Equal Opportunity Employer.

