Technical Risk Analyst (Security GRC Platform Administration)

Enables GRC platforms and services, including Issue and Event Management, RCSA and Control Testing, Policy and Compliance, Vulnerability Response, Security Incident Response and Security Operations. To administer the department’s risk platform, managing the platform’s daily operations, data integrity, and reporting capabilities.

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

• Administer and maintain the organization’s risk platform, ensuring accurate data entry, system configuration, and user access management
• Manage user roles, permissions, and access groups with the platform to ensure appropriate access to risk data and reports
• Support the integration of risk management processes within the platform to ensure alignment with organizational objectives and regulatory requirements
• Design, implement, and manage risk related workflows and automation rules based on various Security teams’ needs
• Provide technical support and troubleshooting for platform-related issues to internal teams
• Generate and distribute regular risk reports, highlighting trends, issues, and mitigation strategies
• Use advanced Excel skills to analyze and import data to provide actionable insights and recommendations to stakeholders
• Ensure data accuracy, consistency, and integrity across the risk platform
• Perform regular data audits to identify and resolve discrepancies
• Collaborate with other departments to gather relevant risk data and upload it into the platform
• Train staff on the effective use of the risk platform, ensuring team members can utilize the system to track and report risks
• Provide ongoing support and guidance to users on risk-related queries and platform functionalities

• Bachelor’s degree in Computer Science, Information Security, or the equivalent combination of training, education, and experience
• Minimum of 2 years of hands-on experience with Governance, Risk, Compliance risk management tools with an emphasis on supporting Information Security processes including issue and event management, RCSA, control testing, policy and compliance, maturity assessments, Security incident response and Security operations
• Demonstrates in-depth product knowledge and implementation experience in one or more GRC platforms such as ServiceNow, RSA Archer, LogicManager, or MetricStream
• Hands on experience leading GRC engagements, delivering process design, technical design, defining agile stories and demonstrates thought leadership across the product suite and functional capabilities
• Good understanding of data management concepts and related reporting solution development
• Experience in the analysis, design, and/ or implementation of information technology in a secure environment
• Experience in information security assessment, administration, and management
• Comprehensive knowledge and understanding of best practices, trends related to information security
• Comprehensive knowledge of information security regulations and legislations
• Highly developed communication skills including preparing and presenting results, findings and alternatives and influencing management decision making based on the best available data
• Knowledge of NCUA and FFIEC regulations, GLBA, PCI and other information security requirements and frameworks
• Proficiency in Microsoft Excel
• Formal project management experience which involved organization skills, managing strategy, project communications (internal and external to team), and planning and directing the work of participants
• Strong research, analytical, and problem-solving skills with attention to detail

Desired Qualifications 

• Advanced college degree in information security, cyber security, information technology, etc.
• Experience with security systems, assessment tools, and technical security, and performing information security assessments
• Experience in the financial services industry with a focus on information security and information technology
• GRC product certification such as ServiceNow Certified System Administrator or RSA Archer administration
• Experience working with Business Process Model and Notation (BPMN), workflow design and business process analysis
• Advanced knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
• Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
• Master’s degree in Computer Science, Information Security, or related field
• Professional certification in the information security sector (CRISC, CISM, CISSP)

 Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180

Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

• Best Companies for Latinos to Work for 2024
• Computerworld® Best Places to Work in IT
• Forbes® 2024 America’s Best Large Employers
• Forbes® 2024 America's Best Employers for New Grads
• Forbes® 2024 America's Best Employers for Tech Workers
• Fortune Best Workplaces for Millennials™ 2024   
• Fortune Best Workplaces for Women ™ 2024
• Fortune 100 Best Companies to Work For® 2024
• Military Times 2024 Best for Vets Employers
• Newsweek Most Loved Workplaces
• 2024 PEOPLE® Companies That Care
• RippleMatch Recruiting Choice Award
• Yello and WayUp Top 100 Internship Programs

From Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: Navy Federal values and celebrates diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected Veteran.

Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.