Senior Technical Risk Analyst (InfoSec TPRM)

Company: Navy Federal Credit Union
Location: Vienna
Posted on: July 1, 2025

Job Description:

Conduct information security oversight and monitoring of complex, critical, and/or high visibility Navy Federal third parties; evaluate third party security programs, procedures, controls, and information systems; identify and report on third party technical control gaps and risks; and monitor and validate third party finding remediation. Applies full range of specialized skills and job knowledge and frequently adapts procedures, techniques, tools, materials, and/or equipment to meet specialized needs. Guide and review work of junior analysts to ensure consistent and high quality assessment and remediation output. Work is performed under general direction. Responsibilities • Perform risk assessments and security testing of critical, complex, and/or high visibility Navy Federal third parties, including on-site and virtual interviews of subject matter experts and technical sampling. • Monitor program workflow and requests and assign tasks and responsibilities to junior analysts. • Monitor the performance of risk assessments and security testing of Navy Federal third parties conducted by junior analysts. • Monitor junior analyst performance metrics for compliance with defined program thresholds, targets, and SLAs. • Validate the analysis and perform quality control reviews of work performed by junior analysts including: • Reviews of Navy Federal third-party information security programs, procedures, and information systems. • Evaluation of the design and implementation of third-party technical controls. • Identification of ineffective, inadequate, or absent third-party security controls and quantification of risk to Navy Federal. • Analysis of technical intelligence data and reporting and identification of information security concerns related to third party control environments. • Perform third-party finding remediation and monitor junior analyst review of third-party remediation responses and evidence to confirm third party compliance with Navy Federal information security control expectations. • Provide feedback, training, and support to junior analysts. • Maintain expert knowledge of information security best practices and industry trends and apply them to process and policy improvements and compliance actions. • Participate in and lead Agile scrum activities supporting the delivery of program enhancements and projects. • Build and maintain strong relationships with team members, leadership, key business unit stakeholders, and third parties. • Influence program governance processes including creation and publishing of program documentation, maintenance of repositories, and response to audit and exam requests. • Influence continuous improvement of the InfoSec TPRM program; identify opportunities to improve or enhance the program. • Develop and propose key program performance and risk metrics. • Perform other related duties as assigned. Qualifications • Bachelor’s degree in Computer Science, Information Security, related field, or the equivalent combination of training, education, and experience • At least 1 professional Information Security certification. Validation of certification is required o Shared Assessments Certified Third Park Risk Professional (CTPRA) o Third Party Risk Association Third Party Cyber Assessor (TPCRA) o Certification in Risk and Information Systems Control (CRISC) o Certified Information Systems Security Professional (CISSP) o Certified Information Security Auditor (CISA) o Certified Information Security Manager (CISM) • Extensive experience independently executing information security third party risk assessments, including on-site/in-person assessments, for a financial institution • Experience independently working with third parties to remediate findings resulting from risk assessments • Experience working with the Shared Assessments Standard Intelligence Gathering (SIG) questionnaire • Advanced knowledge of NCUA, FFIEC, GLBA, AICPA TSC, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks • Significant experience in auditing principles and frameworks such as COSO, COBIT, and ISO • Experience as a supervisor, people manager, project manager, team leader, or other leadership role • Extensive experience in information security processes, concepts, principles, and methodologies • Significant experience in performing audit and information security risk assessments • Significant experience in working with all levels of staff, management, stakeholders, and vendors • Significant experience in creating, generating, and maintaining data, reports, queries, etc. • Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals • Expert research, analytical, and problem-solving skills • Expert skill presenting findings, conclusions, alternatives, and information clearly and concisely • Expert organizational, planning, and time management skills • Expert skill building effective relationships through rapport, trust, diplomacy, and tact • Expert verbal and written communication skills • Expert skill analyzing and organizing problems or work processes for technical solutions Desired Qualifications • Advanced degree in Information Security, Cyber Security, Information Technology, or related field • Experience with Agile processes, methodologies, and journey mapping Hours: Monday - Friday, 8:00AM - 4:30PM Locations: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602 | 9999 Willow Creek Road, San Diego, CA 92131 About Us Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks. Our approach to careers is simple yet powerful: Make our mission your passion. • Best Companies for Latinos to Work for 2024 • Computerworld® Best Places to Work in IT • Forbes® 2025 America’s Best Large Employers • Forbes® 2024 Americas Best Employers for New Grads • Forbes® 2024 Americas Best Employers for Tech Workers • Fortune Best Workplaces for Millennials™ 2024 • Fortune Best Workplaces for Women ™ 2024 • Fortune 100 Best Companies to Work For® 2025 • Military Times 2024 Best for Vets Employers • Newsweek Most Loved Workplaces • 2024 PEOPLE® Companies That Care • RippleMatch Recruiting Choice Award • Yello and WayUp Top 100 Internship Programs

Keywords: Navy Federal Credit Union, Richmond , Senior Technical Risk Analyst (InfoSec TPRM), IT / Software / Systems , Vienna, Virginia