Manager, Information Security Risk Management

Location: FL Pensacola - Operations Full/Part Time: Full-Time Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2022 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
Fortune Best Workplaces for Women
Fortune 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT

Basic Purpose

People and team leader focused on managing, planning and overseeing risk management functions for security related processes as the first line of defense to understand the risk profile and ensure the overall effectiveness and efficiencies of Security related processes.  This is a 1st line program providing support to Information Security, Fraud, BSA/AML and Physical Security programs, business leaders and peer groups including issue and event management, control testing, audit management and risk reporting.  The position is responsible for administering the established process and application-based risk and control self-assessment (RCSA) frameworks for risk and control identification and management. Ensure operational risk programs align with strategic business initiatives, achieve business and quality objectives, mitigate risk and enhance operating procedures. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and procedure management support. 


•    Execute the Security strategic risk strategies 
•    Maintain and oversee Risk Management programs and partner with business units to ensure compliance
•    Manage InfoSec governance and risk forums/program
•    Manage and/or support Issues and Events team to ensure security risks are minimized and maintained
•    Manage and/or support InfoSec Controls testing to ensure security compliance is maintained enterprise wide
•    Manage and/or support  InfoSec Risk Analytics team to develop, review and report on security risk factors, risk data analysis and trend analysis
•    Ensure risks associated with business activities are effectively identified, measured, monitored, and controlled
•    Manage procedures/process, regulatory reporting and filing, document governance, risk control self-assessments, and quality governance.
•    As applicable, articulate implications of risks and issues related to data management and protection to sponsors and risk owners and, if necessary, assist with Security exceptions or issue management
•    Translate control deficiencies into action plans and provide recommendations to enhance governance practices in alignment with risk and compliance frameworks
•    Participate in Security-related special projects, councils, working groups, etc. as a Risk SME
•    Advise senior management on the status of their control environment related to risk identification and control issues.  Identify critical areas to monitor and escalate issues and findings to appropriate stakeholders
•    Perform other duties as assigned


•    Bachelor's degree in Information Systems, Computer Science, Engineering, Business, Economics, or related field, or the equivalent combination of education, training and experience
•    A minimum of 5 years of experience supporting risk and/or compliance related activities in financial services or other relevant industry, especially Operational Risk Programs
•    Working knowledge of NCUA and FFIEC regulations, COSO, and NIST CSF, GLBA, PCI and other Security requirements and frameworks a plus
•    Working knowledge of at least one industry-leading risk management framework (e.g. OCTAVE, COSO, COBIT etc.)
•    Working knowledge of at least one data protection and/or privacy framework (e.g. DMM, DMBOK, NIST Privacy Framework)
•    Experience in risk mitigation, strategic planning, and management of personnel
•    Knowledge of information technology systems, project processes, and application development 
•    Advanced organizational, planning and time management skills
•    Advanced research, analytical, and problem solving skills
•    Advanced skill developing and implementing programs in a leadership role
•    Advanced skill building effective relationships with all levels of staff, management, stakeholders, and vendors, through rapport, trust, diplomacy and tact
•    Significant experience working with internal audit and external examiners
•    Significant experience collaborating across organizational boundaries and building partnerships across functions
•    Effective skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes
•    Advanced skill exercising initiative and using good judgment to make sound decisions
•    Advanced verbal, written, interpersonal, and presentation skills to communicate clearly and concisely technical and non-technical information to all levels of management

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and on boarding process.

Salary Range: $95,600 - $179,700 annually

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.


Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability

COVID-19 Safety Protocols

All employees are expected to follow our COVID-19 safety protocols.


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employee Referrals

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.