-
Our Services
- Agile Services Unlock Agile excellence with our expert coaching.
- Business Consulting Drive business success through tailored expertise.
- Data & Analytics Harness the power of data for greater business value.
- IT Services Elevate your IT capabilities with our comprehensive solutions.
- Talent Solutions Find the perfect fit for your team through top-tier talent placement.
- Our Clients
- Careers
- Resources
- About Us
Risk Remediation Analyst
- Job Title
- Risk Remediation Analyst
- Job ID
- 27561536
- Location
- Vienna, VA 22180
- Other Location
- Description
-
To serve as a risk remediation expert for the Information Security third-party risk management team to ensure identified control gaps from third-party assessments are remediated according to guideline expectations across the entire enterprise third-party footprint. Collaborate directly with third parties and internal business unit contacts to drive remediation efforts. Exercise influencing skills to effectively eliminate &/or minimize the risk to the Navy Federal members. Identification and documentation of all applicable compensating controls during remediation efforts. Partner with internal business units and technical SMEs to evaluate risk levels.
Responsibilities
Conducts efficient, high-quality risk assessment remediation activities for complex third-party relationships
Analyzes third party remediation responses, evidence, &/or external audit reports to confirm third party compliance with control expectations
Produces professionally written summaries of third party assessment remediation results
Facilitates meetings with internal business units and third parties on Information Security third-party risk management remediation processes
Maintains knowledge of and ensures compliance with applicable federal and state laws, rules, regulations, and corporate policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
Builds and maintains effective relationships with team members, leadership, key business unit stakeholders, third parties, etc.
Reviews third party remediation implementation to address findings control gaps and areas of non-compliance
Keeps current with Information Security best practices and industry trends, and applies them to process and policy improvements and compliance actions
Works independently with limited guidance from leadership
Performs other duties as assigned by leadership
Qualifications
Experience in the financial services industry with a focus on information security assessments and remediation activities
Experience in information security processes, concepts, principles, and methodologies
Experience in audit and information security risk assessments on third parties
Knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
Knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack pathologies
Effective planning and organizational skills
Effective research, analytical and problem-solving skills
Strong verbal, written, and interpersonal communication skills, including skill in negotiating and persuading others
Ability to present findings and conclusions clearly and concisely
Experience in working with all levels of staff, management, stakeholders, and third parties
Ability to build effective relationships through rapport, trust, diplomacy, and tact
Strong word processing and spreadsheet software skills
Desired Qualifications
Bachelor Degree in business, information systems or related field or equivalent work/military experience
CISSP, CISA CCSP, or other Information Security certifications