Why CC Pace? | CC Pace

Risk Remediation Analyst

Job Title
Risk Remediation Analyst
Job ID
27561536
Location
Vienna, VA 22180
Description
Serves as a risk remediation expert for the Information Security third-party risk management team, ensuring that control gaps identified in third-party assessments are remediated according to guideline expectations across the entire enterprise third-party footprint. Collaborates directly with third parties and internal business unit contacts to drive remediation efforts. Exercises influencing skills to effectively eliminate and/or minimize risk to Navy Federal members. Identifies and documents all applicable compensating controls during remediation efforts. Partners with internal business units and technical SMEs to evaluate risk levels.

Responsibilities
 Conducts efficient, high-quality risk assessment remediation activities for complex third-party relationships
 Analyzes third-party remediation responses, evidence, and/or external audit reports to confirm third-party compliance with control expectations
 Produces professionally written summaries of third-party assessment remediation results
 Facilitates meetings with internal business units and third parties on Information Security third-party risk management remediation processes
 Maintains knowledge of, and ensures compliance with, applicable federal and state laws, rules, regulations, and corporate policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO))
 Builds and maintains effective relationships with team members, leadership, key business unit stakeholders, third parties, etc.
 Reviews third-party remediation implementation to address findings, control gaps, and areas of non-compliance
 Keeps current with Information Security best practices and industry trends, and applies them to process and policy improvements and compliance actions
 Works independently with limited guidance from leadership
 Performs other duties as assigned by leadership

Qualifications
 Experience in the financial services industry with a focus on information security assessments and remediation activities
 Experience in information security processes, concepts, principles, and methodologies
 Experience in audit and information security risk assessments on third parties
 Knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO))
 Knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other information security requirements and frameworks
 Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack pathologies
 Effective planning and organizational skills
 Effective research, analytical and problem-solving skills
 Strong verbal, written, and interpersonal communication skills, including skill in negotiating and persuading others
 Ability to present findings and conclusions clearly and concisely
 Experience in working with all levels of staff, management, stakeholders, and third parties
 Ability to build effective relationships through rapport, trust, diplomacy, and tact
 Strong word processing and spreadsheet software skills

Desired Qualifications
 Bachelor's degree in business, information systems, or a related field, or equivalent work/military experience
 CISSP, CISA, CCSP, or other Information Security certifications
