Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer III

Hiring: Manager, Information Security Risk Management

Click here to apply!


Basic Purpose


To manage, plan and oversee risk management functions for security matters as the first line of defense to ensure the overall effectiveness of risk and compliance management programs, risk analytics and operations in the business.  This role will collaborate with Security Business Units, Office of General Counsel (OGC), Compliance, Enterprise Risk, ISD, Digital, other NFCU Business Units, Audit and regulators to support risk and compliance-based initiatives.  The position is responsible for supporting business leaders to the established risk framework including risk and control self assessments (RCSAs), evaluation of control effectiveness, identifying control failures, issues and events management, facilitating risk and compliance remediation, internal and external audits and regulatory exams and monitoring the first line of defense to minimize risk exposures.  Ensure operational risk programs align with strategic business initiatives, achieve business and quality objectives, mitigate risk and enhance operating procedures. Implement effective risk programs and measures designed to identify and mitigate risks associated with these functions. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and training while reducing and mitigating financial losses.


Security Risk Management 
•    Execute the Security strategic risk strategies 
•    Maintain and oversee Risk Management programs and partner with business units to ensure compliance
•    Manage InfoSec governance and risk forums/program
•    Manage and/or support Issues and Events team to ensure security risks are minimized and maintained
•    Manage and/or support InfoSec Controls testing to ensure security compliance is maintained enterprise wide
•    Manage and/or support  InfoSec Risk Analytics team to develop, review and report on security risk factors, risk data analysis and trend analysis
•    Ensure risks associated with business activities are effectively identified, measured, monitored, and controlled
•    Manage procedures/process, regulatory reporting and filing, document governance, risk control self-assessments, and quality governance.
•    As applicable, articulate implications of risks and issues related to data management and protection to sponsors and risk owners and, if necessary, assist with Security exceptions or issue management
•    Translate control deficiencies into action plans and provide recommendations to enhance governance practices in alignment with risk and compliance frameworks
•    Participate in Security-related special projects, councils, working groups, etc. as a Risk SME
•    Advise senior management on the status of their control environment related to risk identification and control issues.  Identify critical areas to monitor and escalate issues and findings to appropriate stakeholders
•    Perform other duties as assigned

Qualifications and Education Requirements:

•    Bachelor's degree in Information Systems, Computer Science, Engineering, Business, Economics, or related field, or the equivalent combination of education, training and experience
•    A minimum of 5 years of experience supporting risk and/or compliance related activities in financial services or other relevant industry, especially Operational Risk Programs
•    Working knowledge of NCUA and FFIEC regulations, COSO, and NIST CSF, GLBA, PCI and other Security requirements and frameworks a plus
•    Working knowledge of at least one industry-leading risk management framework (e.g. OCTAVE, COSO, COBIT etc.)
•    Working knowledge of at least one data protection and/or privacy framework (e.g. DMM, DMBOK, NIST Privacy Framework)
•    Experience in risk mitigation, strategic planning, and management of personnel
•    Knowledge of information technology systems, project processes, and application development 
•    Advanced organizational, planning and time management skills
•    Advanced research, analytical, and problem solving skills
•    Advanced skill developing and implementing programs in a leadership role
•    Advanced skill building effective relationships with all levels of staff, management, stakeholders, and vendors, through rapport, trust, diplomacy and tact
•    Significant experience working with internal audit and external examiners
•    Significant experience collaborating across organizational boundaries and building partnerships across functions
•    Effective skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes
•    Advanced skill exercising initiative and using good judgment to make sound decisions
•    Advanced verbal, written, interpersonal, and presentation skills to communicate clearly and concisely technical and non-technical information to all levels of management

Desired Qualifications and Education Requirements:

•    Graduate education in Business, Risk, Information Systems, Computer Science, Engineering, Quantitative discipline or related field
•    Professional or planned date for certification in Operational Risk, and/or specialized in information security 
•    Knowledge of Navy Federal Credit Union instructions, standards, and procedures

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership* 

0 Replies