Basic Purpose This role is specifically designated to support the Operational Risk Management (ORM) role for Issue Management. The Contractor Analyst will be experienced in risk management, risk and control self assessments (RCSA), standards, and enterprise Governance, Risk and Compliance (GRC) tool operations. The Analyst will understand how ORM framework applies to the business and be able to articulate need for issue management. The Contractor Analyst will be responsible for supporting the daily operations of issue management, partnering with RCSA and control testing teams as well as issue remediation tracking. Research, facilitate meetings, and support the business in ensuring issues are captured timely. Perform in depth and comprehensive gap analyses to determine the root cause of process gaps and regulatory compliance failures. Understanding of, and ability to articulate, the three lines of defense model. Ability to articulate the difference between risk, issue and event.
Responsibilities Attend meetings with stakeholders within IT and across the credit union to assess and encourage the need for submitting issues impacting information security.Aid in the development of action plans and ensure those plans will address the root cause of the issue.Ability to review evidence packages to confirm successful remediation of issue. Prior Audit experience a plusLeverage various communications channels and conduct meetings to obtain required information.Familiarity with GRC tools especially the Logic Manager platformSupport metrics and reporting around issues and event processes.Aid the business units in understanding issue management.Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions.Perform other duties as assigned Qualifications Experience in the credit union/financial services industry with a focus on regulatory frameworks, information security assessments, and remediation activitiesDesired knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 SeriesEffective planning and organizational skillsEffective research, analytical and problem solving skillsStrong verbal, written and interpersonal communication skills, including technical writingDesired Bachelor Degree in business, information systems or related field or equivalent work/military experienceAbility to present findings and conclusions clearly and conciselyExperience in working with all levels of staff, management, stakeholders, and third partiesAbility to build effective relationships through rapport, trust, diplomacy, and tactStrong word processing and spreadsheet software skills Bank Secrecy Section Remains cognizant of and adheres to Navy Federal policies, procedures and regulations pertaining to the Bank Secrecy Act.