
Information Security GRC Analyst (Lead Risk Management Analyst)



Basic Purpose

Architects GRC platforms and services, including Issue and Event Management, Enterprise Risk Management (RCSA and Control Testing), Policy and Compliance, Vendor & Third Party Risk Management, Vulnerability Response, Security Incident Response and Security Operations. To design and implement new and enhanced security solutions and procedures to control and manage information assets and meet corporate and regulatory requirements.


•    Provide technical, functional and process expertise in developing Information Security Programs across the GRC ecosystem
•    Coordinates with key stakeholders to facilitate requirements gathering, development, testing, UAT and deployment
•    Support the practice in growing solution area by supporting in solution design and innovation leveraging GRC products
•    Analyze and evaluate new and existing information security programs and procedures to protect corporate information systems assets from intentional or inadvertent modification, disclosure, or destruction
•    Lead large, complex multidisciplinary projects and initiatives, which have high business risk and impact
•    Serves as GRC subject matter expert 

Qualifications and Education Requirements:

•    Bachelor’s degree in Computer Science, Information Security, or the equivalent combination of training, education, and experience
•    Solid hands-on Information Security experience in one of the leading Governance, Risk and Compliance (GRC) platforms such as ServiceNow, LogicManager, RSA Archer, BWise, etc.
•    Demonstrates in-depth product knowledge and implementation experience in one or more GRC platforms such as ServiceNow, LogicManager, RSA Archer, or MetricStream
•    Hands-on experience leading GRC engagements, delivering process design and technical design, defining agile stories, and demonstrating thought leadership across the product suite and functional capabilities
•    Good understanding of data management concepts and related reporting solution development
•    Extensive experience in the analysis, design, and/or implementation of information technology in a secure environment
•    Extensive experience in information security assessment, administration, and management
•    Comprehensive knowledge and understanding of best practices, trends related to information security
•    Comprehensive knowledge of information security regulations and legislations
•    Formal project management experience which involved organization skills, managing strategy, project communications (internal and external to team), and planning and directing the work of participants
•    Strong research, analytical, and problem-solving skills
•    Highly developed communication skills including preparing and presenting results, findings and alternatives and influencing management decision making based on the best available data
•    Knowledge of NCUA and FFIEC regulations, GLBA, PCI and other information security requirements and frameworks

Desired Qualifications and Education Requirements

•    Advanced college degree in information security, cyber security, information technology, etc.
•    Experience with security systems, assessment tools, and technical security, and performing information security assessments
•    Experience in the financial services industry with a focus on information security and information technology
•    GRC product certification such as ServiceNow Certified System Administrator or RSA Archer administration
•    Experience working with Business Process Model and Notation (BPMN), workflow design and business process analysis
•    Advanced knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
•    Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other information security requirements and frameworks
•    Master’s degree in Computer Science, Information Security, or related field
•    Professional certification in the information security sector (CRISC, CISM, CISSP)

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive.  You are paid within the salary range, based on your experience, location and market position. 

The salary range for this position is:  $98,600 - $139,400

*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership*
