×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security IT Business Analyst

VM Governance Analyst

Job in Reston, Fairfax County, Virginia, 22090, USA
Listing for: The Fannie Mae
Full Time position
Listed on 2026-03-10
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 109000 - 142000 USD Yearly USD 109000.00 142000.00 YEAR
Job Description & How to Apply Below
Playing an essential role in the U.S. economy, Fannie Mae is foundational to housing finance. Here, your expertise can help fuel purpose-driven innovation that expands access to home ownership and affordable rental housing across the country. Join Fannie Mae to grow your career and help people find a place to call home.

Job Description
** THE IMPACT YOU WILL MAKE
** The
** VM Governance Analyst
** role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:
* Apply risk and controls frameworks to support vulnerability governance and oversight
* Ensure compliance with established risk frameworks, control requirements, and internal policy standards
* Assist in governance activities, risk assessments, and reporting processes
* Maintain vulnerability management standard, procedures, and guidelines
* Document and update process flows and workflow diagrams
* Support control effectiveness monitoring related to vulnerability remediation
* Gather, validate, and analyze vulnerability data for governance and leadership reporting
* Track remediation progress and SLA adherence across technology domains
* Identify vulnerabilities requiring risk escalation and exception review
* Prepare and present PowerPoint presentations for leadership, governance working groups and audit reviews
* Maintain documentation for risk acceptance, control validation, audit and regulatory reviews
* Produce recurring operational and executive-level metrics and dashboards
* Identify trends, systemic risks, and opportunities for process improvement
** Minimum Required Experiences:
*** 2 years experience
* Understanding of cybersecurity vulnerabilities and remediation life cycles
* Strong understanding of risk frameworks (e.g. NIST)
* Working knowledge and acknowledgement of controls frameworks (e.g. NIST, ISO
27001, COBIT)
* Ability to support structured risk assessments (likelihood, impact, residual risk)
* Ability to ensure compliance with risk frameworks, control requirements, and standards
* Advanced Microsoft Excel skills (pivot tables, VLOOKUP, data cleansing, trend analysis)
* Strong PowerPoint presentation skills for leadership-level reporting
* Experience translating technical vulnerability data, analyzing large datasets and identify actionable risk-focused insights
* Strong technical writing skills with ability to draft standards, procedures, guidelines, and process documentation
* Ability to document and visualize process flows and governance workflows
** Desired Experiences:
*** Bachelor degree or equivalent
* 5+ of experience in cybersecurity, vulnerability management, IT risk, audit, compliance, or governance-related roles
* Experience supporting vulnerability reporting, risk assessments, governance processes, drafting standards and procedures, or compliance activities preferred
* Experience working with metrics, dashboards, or executive-level reporting in an enterprise or regulated environment preferred
* Vulnerability governance and oversight experience
* Application of risk and controls frameworks
* Risk assessment support and risk documentation
* Governance reporting and compliance monitoring
* Process flow documentation and workflow mapping
* Risk-based escalation and exception tracking
* Metrics development and KRI tracking
* Dashboard development and data visualization
* Executive- level communication and presentation
*
* Certifications:

*** CISA (Certified Information Systems Auditor) – preferred
* CRISC (Certified in Risk and Information Systems Control) – preferred
* Security + or equivalent foundational security certification – a plus
*
* Competencies:

*** Risk-based thinking and analysis
* Governance and oversight mindset
* Framework-driven decision making
* Analytical and quantitative reasoning
* Process orientati9on and workflow design capabilities
* Attention to detail and data integrity
* Professional judgment and escalation discipline
* Stakeholder communication and influence
* Ability to manage multiple reporting cycles and deadlines
** Target Pay Range:**  $ - $ a year
** Internal

Job Title:

** Vulnerability Management - Technology Assessment - Senior…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search