Senior Technical Risk Analyst (InfoSec TPRM)

Overview

Conduct information security oversight and monitoring of complex, critical, and/or high visibility Navy Federal third parties; evaluate third party security programs, procedures, controls, and information systems; identify and report on third party technical control gaps and risks; and monitor and validate third party finding remediation. Applies full range of specialized skills and job knowledge and frequently adapts procedures, techniques, tools, materials, and/or equipment to meet specialized needs. Guide and review work of junior analysts to ensure consistent and high quality assessment and remediation output. Work is performed under general direction.

Responsibilities

• Perform risk assessments and security testing of critical, complex, and/or high visibility Navy Federal third parties, including on-site and virtual interviews of subject matter experts and technical sampling.
• Monitor program workflow and requests and assign tasks and responsibilities to junior analysts.
• Monitor the performance of risk assessments and security testing of Navy Federal third parties conducted by junior analysts.
• Monitor junior analyst performance metrics for compliance with defined program thresholds, targets, and SLAs.
• Validate the analysis and perform quality control reviews of work performed by junior analysts including:
• Reviews of Navy Federal third-party information security programs, procedures, and information systems.
• Evaluation of the design and implementation of third-party technical controls.
• Identification of ineffective, inadequate, or absent third-party security controls and quantification of risk to Navy Federal.
• Analysis of technical intelligence data and reporting and identification of information security concerns related to third party control environments.
• Perform third-party finding remediation and monitor junior analyst review of third-party remediation responses and evidence to confirm third party compliance with Navy Federal information security control expectations.
• Provide feedback, training, and support to junior analysts.
• Maintain expert knowledge of information security best practices and industry trends and apply them to process and policy improvements and compliance actions.
• Participate in and lead Agile scrum activities supporting the delivery of program enhancements and projects.
• Build and maintain strong relationships with team members, leadership, key business unit stakeholders, and third parties.
• Influence program governance processes including creation and publishing of program documentation, maintenance of repositories, and response to audit and exam requests.
• Influence continuous improvement of the InfoSec TPRM program; identify opportunities to improve or enhance the program.
• Develop and propose key program performance and risk metrics.
• Perform other related duties as assigned.

Qualifications

• Bachelor's degree in Computer Science, Information Security, related field, or the equivalent combination of training, education, and experience
• At least 1 professional Information Security certification. Validation of certification is required
  • Shared Assessments Certified Third Park Risk Professional (CTPRA)
  • Third Party Risk Association Third Party Cyber Assessor (TPCRA)
  • Certification in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Auditor (CISA)
  • Certified Information Security Manager (CISM)
• Extensive experience independently executing information security third party risk assessments, including on-site/in-person assessments, for a financial institution
• Experience independently working with third parties to remediate findings resulting from risk assessments
• Experience working with the Shared Assessments Standard Intelligence Gathering (SIG) questionnaire
• Advanced knowledge of NCUA, FFIEC, GLBA, AICPA TSC, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
• Significant experience in auditing principles and frameworks such as COSO, COBIT, and ISO
• Experience as a supervisor, people manager, project manager, team leader, or other leadership role
• Extensive experience in information security processes, concepts, principles, and methodologies
• Significant experience in performing audit and information security risk assessments
• Significant experience in working with all levels of staff, management, stakeholders, and vendors
• Significant experience in creating, generating, and maintaining data, reports, queries, etc.
• Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
• Expert research, analytical, and problem-solving skills
• Expert skill presenting findings, conclusions, alternatives, and information clearly and concisely
• Expert organizational, planning, and time management skills
• Expert skill building effective relationships through rapport, trust, diplomacy, and tact
• Expert verbal and written communication skills
• Expert skill analyzing and organizing problems or work processes for technical solutions

Desired Qualifications

• Advanced degree in Information Security, Cyber Security, Information Technology, or related field
• Experience with Agile processes, methodologies, and journey mapping

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602 | 9999 Willow Creek Road, San Diego, CA 92131

About Us