Senior Technical Risk Analyst (Asset Risk Assessment)

Support Security Governance & Risk (SG&R) in a lead role with high multi-facet Business and IT insight to ensure Navy Federal Credit Union’s (NFCU) Security Division in effectively managing the enterprise’s Security risks and overall program through technical implementation. 

This position will be responsible for implementing focused risk management strategy and methodology within NFCU enterprise anchor platform. Iterative annual enhancements and modernizations as well as overall maintenance and ad hoc adjustments corresponding to the IT technical needs of the program. This role straddles both functionalities pertaining to first and second lines of defense functionality for security risk management and governance of the Asset Risk Assessment (ARA) Program. 

This role will collaborate heavily with Enterprise Risk Management (ERM) and Enterprise Technology Services (ETS) partners, NFCU asset Business and IT owners, and Business Unit risk management delegates across the enterprise to identify and assess Inherent Risk, Control Effectiveness, and Residual Risk compiling the generation of not only risk prioritization, reporting and dashboards, but also high value attribute data population serving to facilitate data integrity and credibility to the enterprise asset inventory/repository.

Individual will use extensive IT, risk management, and cyber security industry best practices and applied real-world experience to lead the Program iteratively through greater security governance and risk identification, developing pragmatic solutions to address NFCU established risk appetites. Ensure security governance and risk management activities align with strategic business/project initiatives from NFCU Senior Leadership Team, achieve business and quality objectives, streamline, and automate where possible to enhance operating procedures. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and training. 

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

• Scale vertically and horizontally across the enterprise driving asset Inherent and Residual Risk for Security within an enterprise gateway assessment.
• Ensure the effective identification of best practice resource tools which supports NFCU Standards and Control Procedure mapping to mitigate risk for asset owner population within the Enterprise Source of Record/Inventory Repository.  Provide experienced guidance and advice to partner ETS organization on updates to the enterprise GRC platform related to compliance. Work closely with ETS governance committees for data integrity.
• Identify iterative areas to monitor due to annual regulation changes and examination feedback. 
• As applicable, articulate data context definitions of Inherent, Control Effectiveness and Residual Risk attributes related to reporting and dashboard metrics.
• Inform the Business and IT in a federated accountability fashion of asset ARA output.
• Inform the Control Assurance Team(s) and other downstream impacted programs for testing frequency of assets. Maintain working relationship within end-to-end workflow to obtain an overall calculated, validated and evidenced residual risk per asset.
• Team player with participation in Security-related special projects, councils, committees, working groups, etc. as a Risk SME

• Bachelor’s degree in information technology, Computer Science, Risk Management, or a related field or equivalent combination of training, education and experience
• A minimum of 10 years of experience leading technical programming initiatives and/or operational risk/compliance related activities in regional, national or global financial services or other relevant industry
• Extensive knowledge as a Security technical system administrator configuring core processes such as ITAM, ITSM, ITBM, CMDB, PPM, IAM, Cyber Security best practices for control mitigation, Vulnerability Management, Business Continuity, Third Party Risk Management, Data Loss Prevention, Network and Cloud Security, etc.
• Extensive technical knowledge of risk GRC platform such as ServiceNow, OpenPages, Archer
• Extensive technical experience in large scale strategic project SDLC development and implementation of risk management frameworks within enterprise eGRC Tool 
• Advanced verbal, written, interpersonal skills to communicate clearly and concisely technical and non-technical information to all levels of management and a strong EQ
• Advanced knowledge of information technology systems, project processes, and application development with the ability to directly work with clients through workshops, development, UAT improvements, and production deployment.
• Advanced skill building and presentation skills effective in relationship building with all levels of staff, management, stakeholders, and vendors, through rapport, trust, diplomacy, and tact
• Advanced research, analytical, and problem-solving skills
• Effective skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes
• Advanced skill exercising initiative and using good judgment to make sound decisions
• Strong presentation writing and creation skills (advanced Microsoft PowerPoint)
• Highly independent, organized and able to work autonomously in a fast-paced and time sensitive setting to produce accurate and compelling reports
• Knowledge of industry leading risk management frameworks such as COBIT, NIST CSF, ITIL
• Knowledge of federal banking safety and soundness regulations and extensive familiarity of FFIEC and examination approaches from NCUA or other globally known regulations with the ability to quickly familiarize with these regulatory bodies as they relate to Navy Federal

Desired Qualifications

• Significant experience in developing technical documentation 
• Extensive experience managing multiple priorities independently and/or in a team environment to achieve goals 
• Expert skill capturing and translating technical processes and requirements into easily understood terms 
• Advanced skill communicating complex technical concepts to non-technical audiences 
• Advanced skill identifying and analyzing technical requirements and recommending solutions 
• Advanced research, analytical, and problem-solving skills 
• Expert verbal and written communication skills 
• Advanced skill presenting findings, conclusions, alternatives, and information clearly and concisely 
• Advanced skill working with all levels of management, supervisors, stakeholders and vendors 
• Experience creating/editing presentations using software or other types of material/media 
• Advanced organizational, planning and time management skills Advanced skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive Winchester, VA 22602

Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

• Best Companies for Latinos to Work for 2024
• Computerworld® Best Places to Work in IT
• Forbes® 2025 America’s Best Large Employers
• Forbes® 2024 America's Best Employers for New Grads
• Forbes® 2024 America's Best Employers for Tech Workers
• Fortune Best Workplaces for Millennials™ 2024   
• Fortune Best Workplaces for Women ™ 2024
• Fortune 100 Best Companies to Work For® 2024
• Military Times 2024 Best for Vets Employers
• Newsweek Most Loved Workplaces
• 2024 PEOPLE® Companies That Care
• RippleMatch Recruiting Choice Award
• Yello and WayUp Top 100 Internship Programs

From Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected Veteran.

Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.