Description:

Understand regulatory IT compliance requirements and be able to translate those into business and IT processes and controls to enhance and support Navy Federal’s (Service Transition) compliance and audit capabilities. Ensure that standardized methods and procedures are used during the planning, assessment, approval, and implementation of IT changes to control risk, minimize service disruption, and provide quality service to Navy Federal members and staff.

  • Incorporate and leverage industry frameworks and best practices while maintaining alignment with Navy Federal’s goals and capabilities.
  • Serve as point of contact for audit and risk management inquiries about Service Transition's controls and activities
  • Work closely with Enterprise Risk Management, Information Security and IT Risk teams
  • Lead small / medium-sized projects related to Change Management / Service Transition risk- and compliance-based process improvements
  • Understanding of agile development methodologies, DevSecOps and CI/CD principles
  • Quickly gain an understanding of internal Controls, Standards and Directives with the ability to relate to IT processes
  • Knowledge and experience with industry frameworks such as NIST 800-53, 800-39, 800-37, ISO 27005, CIS, ACET and other applicable IT Risk frameworks
  • Coordinate with the Service Transition teams to ensure compliance with IT requirements, standards, practices, and processes to effectively manage risk and maintain the security and health of our services.
  • Evaluate the performance and trends of Service Transition risk and compliance-related activities and controls, including defining and monitoring metrics, KPIs, and SLAs
  • Assist with identifying and remediating any control deficiencies or findings.
  • Monitor and evaluate Navy Federal’s Service Transition department, including planning, evaluating, approving, and implementing functions for all IT software and infrastructure changes.
  • Collaborate with Project Management teams, business stakeholders, and Business Relationship Management to ensure technical software and infrastructure change schedules align with internal goals, strategies, and priorities.
  • Prepare reports and presentations for leaders, managers, analysts, and engineers.
  • Ensure audit and risk requests are communicated to appropriate personnel, such as subject matter experts, and track progress of responses.
  • Coordinate with internal and external auditors and risk assessment groups to provide applicable artifacts in a timely manner.
  • Document and analyze processes and workflows to understand the value chain and inputs/outputs in order to improve and/or automate service performance.
  • Prepare remediation plans for identified technical and operational issues
  • Evaluate IT software and infrastructure production changes and make recommendations based upon conformity to policy, assessed risk, readiness, and completion of change data.
  • Develop, recommend, and document adjustments to workflow to streamline processes.
  • Prepare training materials and provide training to staff.
  • Perform other duties as assigned