Basic Purpose

This role is specifically designated to support the Operational Risk Management (ORM) role for Issue Management. The Contractor Analyst will be experienced in risk management, risk and control self assessments (RCSA), standards, and enterprise Governance, Risk and Compliance (GRC) tool operations. The Analyst will understand how ORM framework applies to the business and be able to articulate need for issue management. The Contractor Analyst will be responsible for supporting the daily operations of issue management, partnering with RCSA and control testing teams as well as issue remediation tracking. Research, facilitate meetings, and support the business in ensuring issues are captured timely. Perform in depth and comprehensive gap analyses to determine the root cause of process gaps and regulatory compliance failures. Understanding of, and ability to articulate, the three lines of defense model. Ability to articulate the difference between risk, issue and event.

Responsibilities

  • Attend meetings with stakeholders within IT and across the credit union to assess and encourage the need for submitting issues impacting information security.
  • Aid in the development of action plans and ensure those plans will address the root cause of the issue.
  • Ability to review evidence packages to confirm successful remediation of issue. Prior Audit experience a plus
  • Leverage various communications channels and conduct meetings to obtain required information.
  • Familiarity with GRC tools especially the Logic Manager platform
  • Support metrics and reporting around issues and event processes.
  • Aid the business units in understanding issue management.
  • Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions.
  • Perform other duties as assigned

Qualifications

  • Experience in the credit union/financial services industry with a focus on regulatory frameworks, information security assessments, and remediation activities
  • Desired knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 Series
  • Effective planning and organizational skills
  • Effective research, analytical and problem solving skills
  • Strong verbal, written and interpersonal communication skills, including technical writing
  • Desired Bachelor Degree in business, information systems or related field or equivalent work/military experience
  • Ability to present findings and conclusions clearly and concisely
  • Experience in working with all levels of staff, management, stakeholders, and third parties
  • Ability to build effective relationships through rapport, trust, diplomacy, and tact
  • Strong word processing and spreadsheet software skills

Bank Secrecy Section

  • Remains cognizant of and adheres to Navy Federal policies, procedures and regulations pertaining to the Bank Secrecy Act.