Principal Technical Risk Analyst

Responsible for overseeing the identification, assessment, and mitigation of technical risks across the organization's systems, infrastructure, and technology stack. This role involves working closely with cross-functional teams to implement strategies that minimize risks while ensuring compliance with internal policies and external regulations. Responsible for identifying, evaluating, and mitigating technical risks associated with projects, systems, or technologies within an organization. This role combines technical expertise, risk management skills, and leadership to ensure that technical risks are managed effectively, safeguarding the company's operations, data, and reputation. Work independently to interpret and develop solutions to complex business challenges that have a significant impact on the function or branch. Specialized skill set and proficiency with procedures and techniques. Recognized as an expert in own area within the organization.

• Lead the assessment of technical risks in existing systems and upcoming projects
• Evaluate technologies, infrastructure, and processes for potential vulnerabilities and failure points
• Conduct in-depth analysis of risks related to software, hardware, cybersecurity, data integrity, and operational processes. Use qualitative and quantitative methods to rank risks by impact and likelihood
• Develop and implement mitigation plans to reduce identified technical risks
• Collaborate with engineering, IT, and product teams to execute risk mitigation initiatives effectively
• Lead the response to technical incidents that present risks to the organization, including root cause analysis and action plans to prevent recurrence
• Provide clear, concise reports to senior leadership, outlining key technical risks and mitigation progress. Serve as the point of contact for all technical risk-related matters
• Ensure that all technical activities are compliant with regulatory requirements and internal governance frameworks. Collaborate with legal and compliance teams to stay updated on relevant laws and standards
• Lead and drive ongoing risk management improvements through process optimization, technology upgrades, and staff training. Recommend proactive measures to preempt potential risks
• Assess and manage risks associated with external vendors and third-party services. Ensure that third-party technologies comply with organizational security and risk standards
• Work closely with the security team to ensure that technical risks related to cybersecurity are identified, evaluated, and mitigated. Help implement security protocols, audits, and response strategies
• Lead risk management training programs to ensure employees are aware of potential technical risks and are equipped to prevent and respond to incidents
• Maintain accurate documentation of risk assessments, mitigation plans, incident responses, and any actions taken. Ensure these records are accessible for auditing purposes
   

• Bachelor’s or Master’s degree in Computer Science, Information Technology, Engineering, or a related technical field or equivalent combination of training, education and experience
• Subject matter expert within business area/specialization with understanding of interrelationships of different disciplines
• Significant experience in risk management, IT, cybersecurity, or a related technical field
• Proven experience managing large-scale technical projects with high levels of risk
• Significant experience working in regulated industries is a plus (e.g., finance, healthcare, government)
• Significant knowledge of IT systems, software development, cloud technologies, and cybersecurity best practices
• Significant knowledge of risk management frameworks such as NIST and ISO 27001
• Ability to assess complex technical systems and identify risks through both qualitative and quantitative analysis
• Proven ability to lead cross-functional teams, manage stakeholders, and communicate risk effectively at all levels of the organization
• Excellent verbal and written communication skills, with the ability to translate technical risks into business language for non-technical stakeholders
• Strong critical thinking and problem-solving skills to identify, assess, and mitigate risks in a dynamic environment
• Significant Crisis Management experience 
• Significant Cybersecurity & IT Governance experience 
• Significant Vendor Risk Management experience 
• Advanced Communication & Leadership skills
• Advanced knowledge of Regulatory Compliance

 
Desired Qualifications

• Master’s Degree in related field or equivalent combination of training, education and experience.
• Certified Information Systems Security Professional (CISSP)
• Certified Risk and Information Systems Control (CRISC)
• Project Management Professional (PMP)
• Certified Information Systems Auditor (CISA)

Hours: Monday - Friday, 8:00AM - 4:30PM  (Regular on-call hours are required)

Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 

Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

• Best Companies for Latinos to Work for 2024
• Computerworld® Best Places to Work in IT
• Forbes® 2025 America’s Best Large Employers
• Forbes® 2024 America's Best Employers for New Grads
• Forbes® 2024 America's Best Employers for Tech Workers
• Fortune Best Workplaces for Millennials™ 2024   
• Fortune Best Workplaces for Women ™ 2024
• Fortune 100 Best Companies to Work For® 2025
• Military Times 2024 Best for Vets Employers
• Newsweek Most Loved Workplaces
• 2024 PEOPLE® Companies That Care
• RippleMatch Recruiting Choice Award
• Yello and WayUp Top 100 Internship Programs

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to age, race, sex, color, religion, national origin, disability, veteran status, pregnancy, sexual orientation, genetic information, gender identity or any other basis protected by applicable law.

Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.