IT Controls Assistant Manager
Vienna, VA, United States
Navy Federal Credit Union
Navy Federal Credit Union is an armed forces bank serving the Navy, Army, Marine Corps, Air Force, Space Force, Coast Guard, veterans, DoD & their families.
The Assistant Manager, Enterprise Technology Services (ETS) Controls, will play a pivotal role in supporting the ETS department by overseeing the Application Risk Assessment (ARA) and related initiatives. Working closely with application owners, this role will focus on developing and maintaining comprehensive risk and control matrices to effectively identify, assess, monitor, update, and report on the ETS risk landscape. This includes evaluating IT General Controls (ITGCs) across critical ETS processes such as Access Management, Change Management, and Disaster Recovery.
Key responsibilities will involve leading discussions, identifying controls, documenting and testing controls, and collaborating across various lines of defense to establish ownership. The position requires building strong partnerships with risk stakeholders and application owners within ETS and across the organization.
The Assistant Manager will lead strategic initiatives, leveraging their expertise to develop and implement robust compliance frameworks. They will serve as a subject matter expert, providing guidance on risk management strategies and ensuring alignment with organizational goals. The role demands both independent initiative and strong teamwork skills to drive effective outcomes.
Overall, the Assistant Manager, ETS Controls, will contribute significantly to enhancing the organization's risk management framework and fostering a culture of proactive risk mitigation.
- Manage the development of the Application Risk Assessment process and methodology, including the evaluation and documentation of controls.
- Assist in the identification and development of technology solutions and improvements for application control assessments, especially for ServiceNow GRC.
- Manage communication of requirements for the developed Application Risk Assessment, including operating model development and execution for ETS and considering all internal and external stakeholders.
- Lead a team to conduct control design and performance assessments for application IT General Controls (ITGCs).
- Assist in managing risk assessment initiatives in alignment with enterprise goals and regulatory expectations.
- Collaborate with process owners and other business units to facilitate risk conversations, identify potential business risks, operational and regulatory process deficiencies, and improvement opportunities.
- Manage the identification and documentation of control deficiencies, and conduct quality control reviews.
- Manage a team to identify critical risk and/or control areas to monitor and escalate findings to appropriate stakeholders.
- Assist in managing the development of opportunities for new and/or improved processes, best practices, data, or technology; provide clear picture of outcomes, especially in relation to IT application control compliance and the impact on business processes.
- Assist in managing the alignment of application risk assessments with organizational strategic goals and compliance requirements.
- Identify training opportunities and mentor lower-level staff.
- Assess exposure to risk, develop ways to measure risk, and review related policies and procedures to minimize risk.
- Analyze changes in policies, procedures, and products; determine the impact on the group functions.
- Conduct benchmarking, trend analysis, and other input to drive continuous improvement and elevate service performance.
- Solve business problems by defining the problem, interviewing stakeholders, identifying and evaluating alternatives, and presenting findings.
- Ensure compliance with Navy Federal Credit Union ETS standards and best practices.
- Perform other related duties as assigned.
- Manage a team for the effective identification, mitigation, and management of risks arising from business activities.
- Manage preparation and presentation of recommendations to management and process owners, including assessment summaries; reports; trends; and other outcomes.
- Provide guidance to teams and leadership on the status of standards compliance, risk identification and control issues.
- Bachelor’s degree in Business, Information Systems, Computer Science, or other related field, or the equivalent combination of education, training, or experience.
- Extensive experience managing the execution of control assessments.
- Deep understanding of technology control compliance requirements, including Internal Controls over Financial Reporting, SOC 1 & 2 reviews, and integrated audit procedures.
- Advanced understanding of implementing technology solutions for managing risk and controls evaluation and reporting, especially related to governance, risk, and compliance platforms.
- Advanced knowledge and understanding of risk-based methodologies and frameworks for financial institutions.
- Expert understanding regarding the risk and impact interactions between technology and business processes, particularly in relation to business applications and their related processes.
- Proven ability to manage the planning, organization, and effective execution of risk mitigation and process improvement initiatives.
- Ability to manage independently and collaborate well in a team environment.
- Expert skill in presenting findings, conclusions, alternatives, and information clearly and concisely to all levels of management.
- Proven experience managing relationships within cross-functional, multi-dimensional teams and projects of complexity which have significant business risk and impact.
- Expert experience leading a team in documenting and testing controls in accordance with established requirements and methodologies.
- Considerable experience in collaborating across organizational boundaries and building partnerships across various functions.
- Advanced skill in building effective relationships through trust and diplomacy, with the ability to influence, negotiate, and build consensus to reach agreeable and positive outcomes with business partners.
- Experience in managing multiple priorities independently and/or in a team environment to achieve goals.
- Expertise in demonstrating thought leadership, initiative-taking, decision-making, and creativity in solving business problems.
Desired Qualifications:
- Professional certifications including, but not limited to any of the following: CRISC, CISA, CIA, CPA, CISM, CISSP.
- Advanced knowledge of financial institution business processes, applications, services, products, standards, and procedures.
- Experience working in an IT environment and with tools such as ServiceNow.
- Advanced knowledge of state and Federal laws, industry regulations, principles, and practices, and company policies that govern the products and services.
Hours: Monday - Friday, 8:00AM - 4:30PM
Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote
Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.
- Best Companies for Latinos to Work for 2024
- Computerworld® Best Places to Work in IT
- Forbes® 2024 America’s Best Large Employers
- Forbes® 2023 The Best Employers for New Grads
- Fortune Best Workplaces for Millennials™ 2023
- Fortune Best Workplaces for Women™ 2023
- Fortune 100 Best Companies to Work For® 2024
- Military Times 2023 Best for Vets Employers
- Newsweek Most Loved Workplaces
- Ripplematch Campus Forward Award - Excellence in Early Career Hiring
- Yello and WayUp Top 100 Internship Programs
From Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.
Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability
Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.
Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.
Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.