Lead Risk Management Analyst

Navy Federal Credit Union - Winchester, VA

posted 3 months ago

Full-time - Mid Level
Winchester, VA
Credit Intermediation and Related Activities

About the position

This role is specifically designated to support the Security Governance & Risk - Issue and Event Management with a focus on data security events, data exfiltration events, cyber incidents as well as third-party events. The position requires experience in cyber threat analysis, third-party incident response, data breach management, risk management, and an understanding of the Operational Risk Management (ORM) framework as it relates to issue management. The successful candidate will support the daily operations of data security event management and partner with the Office of General Counsel and Compliance to process data security and privacy breach events. The role promotes operational efficiency and service excellence through appropriate risk management strategies, process improvements, and training while reducing and mitigating operational, reputational, legal/regulatory, and financial losses. Additionally, the candidate will provide analytical support and execution for various business strategies to ensure Navy Federal goals are met.

Responsibilities

  • Manage identification of third-party events to engage applicable business partners, InfoSec, Third Party Risk Management, third-party vendor, and relationship owner.
  • Articulate implications of risks and issues related to data management and protection to sponsors and risk owners.
  • Assist in gap analysis and identification of applicable IT/Cyber related controls.
  • Assist in the development and execution of Table Top Exercises related to Data security event management.
  • Translate control deficiencies into action plans and provide recommendations to enhance governance practices in alignment with risk and compliance frameworks.
  • Experience in GRC tool submission for data security event tracking and capturing remediation activities.
  • Participate in Security-related special projects, councils, working groups, etc. as a Risk Subject Matter Expert (SME).
  • Aid in the development of remediation plans.
  • Facilitate root cause analysis.
  • Assess the impact and likelihood of an issue and provide justification for the ratings.
  • Leverage various communication channels to obtain required information.
  • Support metrics and reporting focused on issues and event processes and results.
  • Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions.
  • Perform other duties as assigned.

Requirements

  • Bachelor's Degree in Business Administration, Auditing, Law or related field or equivalent combination of training, education, and experience.
  • Advanced knowledge and understanding of risk-based auditing techniques and methodologies.
  • General knowledge of operational and regulatory risk controls, concepts, and practices.
  • General knowledge of applicable federal and state regulations, company policies, and industry best practices.
  • Proven ability to plan, organize and effectively execute risk mitigation and process improvement initiatives.
  • Ability to maintain professionalism when delivering challenging and unfavorable messages.
  • Advanced organizational, planning and time management skills in order to multi-task competing priorities in a fast-paced and dynamic environment.
  • Expert skill maintaining accuracy with attention to detail and meeting deadlines.
  • Expert communication and negotiation skills with ability to exercise good judgement and tact in dealing with senior management.
  • Significant experience in collaborating across organizational boundaries and building partnerships across various functions.
  • Expert demonstrating thought-leadership, initiative-taking, decision-making and creativity solving business problems.

Nice-to-haves

  • Master's or Advanced Degree in Business Administration, Auditing, Law or related field or equivalent combination of training, education, and experience.
  • NCCO, CRCM, or other applicable compliance certification.
  • Working knowledge of Navy Federal's functions, philosophy, operations and organizational objectives.
  • Advanced knowledge of state and Federal laws; industry regulations, principles, and practices; and company policies that govern the business unit's products/services.
  • Professional certifications including, but not limited to any of the following: FRM, PRM, ORM, CISA, CISM, CISSP, CGEIT, CRISC, CFE, CPA, CIA, CIPP, ISA, AWS etc.
  • Working knowledge of the MITRE attack framework.

Benefits

  • Health insurance coverage
  • Dental insurance coverage
  • Vision insurance coverage
  • 401k benefit for retirement savings plan
  • 401(k) matching benefit
  • Paid holidays
  • Paid volunteer time
  • Flexible scheduling options
  • Professional development opportunities
  • Tuition reimbursement
  • Employee discount programs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service