Senior Technical Risk Analyst (InfoSec TPRM)

Overview

Conduct information security oversight and monitoring of complex, critical, and/or high visibility Navy Federal third parties; evaluate third party security programs, procedures, controls, and information systems; identify and report on third party technical control gaps and risks; and monitor and validate third party finding remediation. Applies full range of specialized skills and job knowledge and frequently adapts procedures, techniques, tools, materials, and/or equipment to meet specialized needs. Guide and review work of junior analysts to ensure consistent and high quality assessment and remediation output. Work is performed under general direction.

Responsibilities

• Perform risk assessments and security testing of critical, complex, and/or high visibility Navy Federal third parties, including on-site and virtual interviews of subject matter experts and technical sampling.
• Monitor program workflow and requests and assign tasks and responsibilities to junior analysts.
• Monitor the performance of risk assessments and security testing of Navy Federal third parties conducted by junior analysts.
• Monitor junior analyst performance metrics for compliance with defined program thresholds, targets, and SLAs.
• Validate the analysis and perform quality control reviews of work performed by junior analysts including:
• Reviews of Navy Federal third-party information security programs, procedures, and information systems.
• Evaluation of the design and implementation of third-party technical controls.
• Identification of ineffective, inadequate, or absent third-party security controls and quantification of risk to Navy Federal.
• Analysis of technical intelligence data and reporting and identification of information security concerns related to third party control environments.
• Perform third-party finding remediation and monitor junior analyst review of third-party remediation responses and evidence to confirm third party compliance with Navy Federal information security control expectations.
• Provide feedback, training, and support to junior analysts.
• Maintain expert knowledge of information security best practices and industry trends and apply them to process and policy improvements and compliance actions.
• Participate in and lead Agile scrum activities supporting the delivery of program enhancements and projects.
• Build and maintain strong relationships with team members, leadership, key business unit stakeholders, and third parties.
• Influence program governance processes including creation and publishing of program documentation, maintenance of repositories, and response to audit and exam requests.
• Influence continuous improvement of the InfoSec TPRM program; identify opportunities to improve or enhance the program.
• Develop and propose key program performance and risk metrics.
• Perform other related duties as assigned.

Qualifications

• Bachelor's degree in Computer Science, Information Security, related field, or the equivalent combination of training, education, and experience
• At least 1 professional Information Security certification. Validation of certification is required
  • Shared Assessments Certified Third Park Risk Professional (CTPRA)
  • Third Party Risk Association Third Party Cyber Assessor (TPCRA)
  • Certification in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Auditor (CISA)
  • Certified Information Security Manager (CISM)
• Extensive experience independently executing information security third party risk assessments, including on-site/in-person assessments, for a financial institution
• Experience independently working with third parties to remediate findings resulting from risk assessments
• Experience working with the Shared Assessments Standard Intelligence Gathering (SIG) questionnaire
• Advanced knowledge of NCUA, FFIEC, GLBA, AICPA TSC, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
• Significant experience in auditing principles and frameworks such as COSO, COBIT, and ISO
• Experience as a supervisor, people manager, project manager, team leader, or other leadership role
• Extensive experience in information security processes, concepts, principles, and methodologies
• Significant experience in performing audit and information security risk assessments
• Significant experience in working with all levels of staff, management, stakeholders, and vendors
• Significant experience in creating, generating, and maintaining data, reports, queries, etc.
• Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
• Expert research, analytical, and problem-solving skills
• Expert skill presenting findings, conclusions, alternatives, and information clearly and concisely
• Expert organizational, planning, and time management skills
• Expert skill building effective relationships through rapport, trust, diplomacy, and tact
• Expert verbal and written communication skills
• Expert skill analyzing and organizing problems or work processes for technical solutions

Desired Qualifications

• Advanced degree in Information Security, Cyber Security, Information Technology, or related field
• Experience with Agile processes, methodologies, and journey mapping

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602 | 9999 Willow Creek Road, San Diego, CA 92131

About Us
Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

Best Companies for Latinos to Work for 2024

Computerworld Best Places to Work in IT

Forbes 2024 America's Best Large Employers

Forbes 2024 America's Best Employers for New Grads

Forbes 2024 America's Best Employers for Tech Workers

Fortune Best Workplaces for Millennials 2024

Fortune Best Workplaces for Women 2024

Fortune 100 Best Companies to Work For 2024

Military Times 2024 Best for Vets Employers

Newsweek Most Loved Workplaces

2024 PEOPLE Companies That Care

Ripplematch Recruiting Choice Award

Yello and WayUp Top 100 Internship Programs

From Fortune . 2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected Veteran.

Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.