Lead Risk & Control Analyst

Location: VA Vienna - Headquarters
Full/Part Time: Full-Time
Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2022 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT

Basic Purpose

The Security Process Risk Assessment Lead Risk & Control Analyst supports Navy Federal Credit Union’s (NFCU) Security Governance and Risk Division in effectively managing the 1st Line of Defense internal control environment through the execution of the Risk Control Self-Assessment (“RCSA”) program. In collaboration with business process owners, the lead role proactively builds and maintains process maps and risk and control matrices to identify, assess, monitor, update and report out operational risks. This role includes effective partnership with risk partners and process owners within Information Security and throughout the enterprise as RCSAs are coordinated, facilitated, completed and reviewed. The Lead will also partner with Control Testing and Issue and Event Management functions within the 1st Line Security Governance and Risk Management Line of Business.


• Develop and co-manage a program that drives consistency in the identification, validation, and reporting of control activities occurring within the Security organization 
• Proactively support the identification of fraud and BSA/AML and OFAC compliance related risks and perform comprehensive risk assessments of the overall control environment
• Partner with Principals to perform Management Reviews of completed risk and control self-assessments (RCSAs) to ensure consistency and comprehensiveness
• Support the execution of front-line controls, self-assurance, and risk assessment activities (ad-hoc controls review, business process management (BPM), risk control self-assessment (RCSA), and independent risk and audit activities) as directed
• Provide ongoing assessment of Security’s risk profile through regular monitoring and status reporting of risks, issues, events and initiatives within core processes
• Support iterative review and challenge of assessment results, working with appropriate stakeholders across the lines of defense
• Perform and facilitate the collection, review and assimilation of RCSA assessment data and reporting into concise and meaningful reports
• Assess exposure to risk, measure operational risk against ERM frameworks, assist in establishing policies and procedures to minimize risk, and identify ways to protect the organization from data loss and reputational damage
• Coordinate efforts with Security’s Issues and Events Management and Control Testing functions, to continually update control effectiveness and residual risk rating of Security’s business processes as needed
• Support implementation for change management needs with appropriate personnel within the Division and/or across divisional lines 
• Monitor and oversee the progress of risk assessments; address and resolve complex issues 
• Assist with Operational Risk event remediation efforts when needed
• Serve as a subject matter expert with internal and external auditors (e.g., NCUA, CFPB, and contracted third parties) to address and resolve audit questions and findings relative to core process risk management 
• Support the testing of control design and the testing of control effectiveness for assigned areas as needed
• Identify areas of improvement in existing process, methodology, and policies. Identify gaps and recommend enhancements. Drive, adopt and enforce best practices in report templates and tools
• Coordinate required meetings, reviews and scheduling needs
• Perform other duties as assigned

Qualifications and Education Requirements

• Degree in Business Administration, Economics, Mathematics, Computer Science, Engineering, Auditing, Law or related field or equivalent combination of training, education and experience
• Advanced knowledge and understanding of risk-based auditing techniques and methodologies
• Advanced knowledge of operational risk controls, concepts and practices and/or InfoSec specific frameworks
• Proven experience working within cross-functional, multi-dimensional teams and projects of complexity which have business risk and impact 
• Proven ability to plan, organize and effectively execute risk mitigation and process improvement initiatives
• Advanced organizational, planning and time management skills in order to multitask competing priorities in a fast-paced and dynamic environment
• Ability to comprehend, analyze, interpret, communicate and apply government and financial industry regulations, related principles and practices, and company instructions, procedures and policies
• Ability to work independently and in a team environment
• Effective analytical and complex thinking skills to include summarizing information and clearly identifying key elements, patterns, results or relationships
• Significant experience in collaborating across organizational boundaries and building partnerships across various functions

Desired Qualifications and Education Requirements

• Working knowledge of Navy Federal’s products, services, programs, policies and procedures
• ORM or CFE certifications
• Lean Six Sigma Black Belt or equivalent process mapping experience
• Advanced knowledge of state and Federal laws; industry regulations, principles, and practices; and company policies that govern the business unit’s products/services

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

Salary Range: $98,500 - $168,400 annually

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Posting End Date: 03/22/23

Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume.


Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.