Principal Technical Risk Analyst
Description:
Overview
Responsible for overseeing the identification, assessment, and mitigation of technical risks across the organization's systems, infrastructure, and technology stack. This role involves working closely with cross-functional teams to implement strategies that minimize risks while ensuring compliance with internal policies and external regulations. Responsible for identifying, evaluating, and mitigating technical risks associated with projects, systems, or technologies within an organization. This role combines technical expertise, risk management skills, and leadership to ensure that technical risks are managed effectively, safeguarding the company's operations, data, and reputation. Work independently to interpret and develop solutions to complex business challenges that have a significant impact on the function or branch. Specialized skill set and proficiency with procedures and techniques. Recognized as an expert in own area within the organization.
Responsibilities
Lead the assessment of technical risks in existing systems and upcoming projects
Evaluate technologies, infrastructure, and processes for potential vulnerabilities and failure points
Conduct in-depth analysis of risks related to software, hardware, cybersecurity, data integrity, and operational processes. Use qualitative and quantitative methods to rank risks by impact and likelihood
Develop and implement mitigation plans to reduce identified technical risks
Collaborate with engineering, IT, and product teams to execute risk mitigation initiatives effectively
Lead the response to technical incidents that present risks to the organization, including root cause analysis and action plans to prevent recurrence
Provide clear, concise reports to senior leadership, outlining key technical risks and mitigation progress. Serve as the point of contact for all technical risk-related matters
Ensure that all technical activities are compliant with regulatory requirements and internal governance frameworks. Collaborate with legal and compliance teams to stay updated on relevant laws and standards
Lead and drive ongoing risk management improvements through process optimization, technology upgrades, and staff training. Recommend proactive measures to preempt potential risks
Assess and manage risks associated with external vendors and third-party services. Ensure that third-party technologies comply with organizational security and risk standards
Work closely with the security team to ensure that technical risks related to cybersecurity are identified, evaluated, and mitigated. Help implement security protocols, audits, and response strategies
Lead risk management training programs to ensure employees are aware of potential technical risks and are equipped to prevent and respond to incidents
Maintain accurate documentation of risk assessments, mitigation plans, incident responses, and any actions taken. Ensure these records are accessible for auditing purposes
Qualifications
Bachelor's or Master's degree in Computer Science, Information Technology, Engineering, or a related technical field or equivalent combination of training, education and experience
Subject matter expert within business area/specialization with understanding of interrelationships of different disciplines
Significant experience in risk management, IT, cybersecurity, or a related technical field
Proven experience managing large-scale technical projects with high levels of risk
Significant experience working in regulated industries is a plus (e.g., finance, healthcare, government)
Significant knowledge of IT systems, software development, cloud technologies, and cybersecurity best practices
Significant knowledge of risk management frameworks such as NIST and ISO 27001
Ability to assess complex technical systems and identify risks through both qualitative and quantitative analysis
Proven ability to lead cross-functional teams, manage stakeholders, and communicate risk effectively at all levels of the organization
Excellent verbal and written communication skills, with the ability to translate technical risks into business language for non-technical stakeholders
Strong critical thinking and problem-solving skills to identify, assess, and mitigate risks in a dynamic environment
Significant Crisis Management experience
Significant Cybersecurity & IT Governance experience
Significant Vendor Risk Management experience
Advanced Communication & Leadership skills
Advanced knowledge of Regulatory Compliance
Desired Qualifications
Master's Degree in related field or equivalent combination of training, education and experience.
Certified Information Systems Security Professional (CISSP)
Certified Risk and Information Systems Control (CRISC)
Project Management Professional (PMP)
Certified Information Systems Auditor (CISA)
Hours: Monday - Friday, 8:00AM - 4:30PM (Regular on-call hours are required)
Locations: 820 Follin Lane, Vienna, VA Heritage Oaks Dr. Pensacola, FL Security Dr. Winchester, VA 22602
About Us
Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.
Our approach to careers is simple yet powerful: Make our mission your passion.
• Best Companies for Latinos to Work for 2024
• Computerworld Best Places to Work in IT
• Forbes 2024 America's Best Large Employers
• Forbes 2024 America's Best Employers for New Grads
• Forbes 2024 America's Best Employers for Tech Workers
• Fortune Best Workplaces for Millennials 2024
• Fortune Best Workplaces for Women 2024
• Fortune 100 Best Companies to Work For 2024
• Military Times 2024 Best for Vets Employers
• Newsweek Most Loved Workplaces
• 2024 PEOPLE Companies That Care
• Ripplematch Recruiting Choice Award
• Yello and WayUp Top 100 Internship Programs
From Fortune. 2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.
Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected Veteran.
Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.
Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position
Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.
Permanent