Information Security Lead Risk and Control Analyst, Issue and Event Management

Navy Federal Credit Union

VA, Winchester
Posted 4 months ago

Information Security Lead Risk and Control Analyst, Issue and Event Management


Navy Federal Credit Union


Winchester, VA

Apply for this job


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us

We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we’re looking for team members who are passionate about our mission—making a difference in military members’ and their families’ lives. Together, we can make it happen.

Don’t take our word for it.

  • Military Times 2022 Best for Vets Employers
  • Yello and WayUp Top 100 Internship Programs
  • Forbes® 2022 The Best Employers for New Grads
  • Fortune Best Workplaces for Women
  • Fortune 100 Best Companies to Work For®
  • Fortune Best Place to Work for Financial and Insurance Services
  • Computerworld® Best Places to Work in IT
  • Ripplematch Campus Forward Award – Excellence in Early Career Hiring

Basic Purpose

Information Security Lead Risk and Control Analyst – Issue and Event Management program supports Navy Federal Credit Union’s (NFCU) Security Division in effectively managing the Enterprise’s Security risks and overall program. This position will support the first line of defense Operational Risk Management (ORM) role focused on the strategy, planning, maintenance, and enhancements for the Issue and Event Management program as part of the overall security risk management and governance organization. This role will collaborate with business unit risk management delegates across the enterprise to drive the identification, assessment, and mitigation of Security risks. The successful candidate will also support the development and delivery of reporting to provide input into the security risk landscape. The individual will use extensive industry, risk management and applied real-world experience to oversee complex issues and programs focused on developing pragmatic solutions that support NFCU risk appetite. Ensure security governance and risk management activities align with strategic business initiatives from NFCU Senior Leadership Team, achieve business and quality objectives, streamline, and automate where possible to enhance operating procedures. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and training.


  • Drive the Issue and Event Management for Security with scale horizontally across the enterprise
  • Ensure the effective identification of best practice resource tools which supports NFCU Standards and Control Procedures to mitigate risk
  • Collaborate with cross-functional teams to implement effective programs and measures designed to identify and mitigate risks associated with business operations
  • Develop and implement operational risk management frameworks, methodologies, reporting, quantification/testing, policies, standards, and procedures as appropriate
  • Provide regulatory and compliance assessments of products and/or services for the division
  • Gather and synthesize data; present conclusions and offer risk mitigation, remediation, and process improvement solutions to management
  • Assess exposure to risk, ways to measure operational risk, establishes policies and procedures to minimize risk, identifies ways to protect the organization from financial loss and reputational damage
  • Team player with participation in Security-related special projects, councils, working groups, etc. as a Risk SME


  • A minimum of 4-6 years of experience leading risk and/or compliance related activities in regional, national, or global financial services or other relevant industry, especially Operational Risk Programs.
  • Extensive knowledge of industry leading risk management frameworks such as COSO, COBIT, NIST CSF, ITIL)
  • Working knowledge of Security core processes such as Identity Access Management, Cyber Security Operations, Vulnerability Management, Third Party Risk Management, Data Loss Prevention, BSA/AML, Fraud, Network and Cloud Security, etc.
  • Working knowledge of at least one data protection and/or privacy framework (e.g. DMM, DMBOK, NIST Privacy Framework)
  • Advanced knowledge of information technology systems, project processes, and application development
  • Advanced research, analytical, and problem-solving skills
  • Advanced skill building effective relationships with all levels of staff, management, stakeholders, and vendors, through rapport, trust, diplomacy, and tact
  • Advanced verbal, written, interpersonal, and presentation skills to communicate clearly and concisely technical and non-technical information to all levels of management and a strong EQ
  • Effective skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes
  • Advanced skill exercising initiative and using good judgment to make sound decisions
  • Strong presentation writing and creation skills (advanced Microsoft PowerPoint)
  • Highly independent, organized, and able to work autonomously in a fast-paced and time sensitive setting to produce accurate and compelling reports
  • Knowledge of federal banking safety and soundness regulations and extensive familiarity of FFIEC and examination approaches from NCUA, OCC, FHFA and the CFPB (or other globally known regulations with the ability to quickly familiarize with these regulatory bodies as they related to Navy Federal)

Desired Qualifications

  • Professional certifications including, but not limited to any of the following: ORM, CISA, CISM, CISSP, CRISC, CIA, CIPP, AWS, AZURE, CCSA etc.
  • Professional or planned date for certification in Operational Risk, and/or specialized in Technology or Information Security
  • Working knowledge of the MITRE attack framework

Hours: Monday – Friday, 8:00AM – 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee’s leadership and business unit needs. You will learn more throughout the hiring and on boarding process.

Salary Range: $101,000- $185,200 annually

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Posting End Date: 06/02/2023

Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume.


Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employee Referrals

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.




Job Features

Job CategoryComputer Science

Apply Online