Operational Risk Management

Operational Risk Management Analyst – Issue Management

Location: Vienna, VA

Work Arrangement: hybrid - Three days per week onsite.

This position supports the Operational Risk Management (ORM) function with a focus on Issue Management. The successful candidate will bring expertise in risk management, risk and control self-assessments (RCSA), standards, and enterprise Governance, Risk and Compliance (GRC) tool operations. The analyst will demonstrate a clear understanding of how the ORM framework applies to business operations and effectively communicate the importance of issue management.

This role involves supporting daily issue management operations, partnering with RCSA and control testing teams, and tracking issue remediation activities. The analyst will conduct research, facilitate meetings, and support the business in ensuring issues are captured and managed timely. Additionally, the analyst will perform in-depth gap analyses to determine root causes of process gaps and regulatory compliance failures.

• Understanding of and ability to articulate the three lines of defense model
• Ability to articulate the distinction between risk, issue, and event

• Attend meetings with stakeholders within IT and across the organization to assess and encourage the submission of issues impacting information security
• Aid in the development of action plans and ensure those plans address the root cause of identified issues
• Review evidence packages to confirm successful remediation of issues; prior audit experience is a plus
• Leverage various communication channels and conduct meetings to obtain required information
• Demonstrate familiarity with GRC tools, especially the Logic Manager platform
• Support metrics and reporting around issues and event processes
• Aid business units in understanding issue management practices and procedures
• Keep current with information security best practices and industry trends, and communicate and apply these practices to policy improvements and compliance actions
• Perform other duties as assigned

• Experience in the credit union or financial services industry with a focus on regulatory frameworks, information security assessments, and remediation activities
• Effective planning and organizational skills
• Effective research, analytical, and problem-solving skills
• Strong verbal, written, and interpersonal communication skills, including technical writing
• Ability to present findings and conclusions clearly and concisely
• Experience working with all levels of staff, management, stakeholders, and third parties
• Ability to build effective relationships through rapport, trust, diplomacy, and tact
• Strong word processing and spreadsheet software skills

• Knowledge of NCUA, FFIEC, GLBA, and NIST standards (including the Cyber Security Framework and 800 Series)
• Bachelor's degree in business, information systems, or related field, or equivalent work or military experience

We are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, or any other protected characteristic under federal, state, or local laws.

We are committed to employing only candidates who are legally authorized to work in the United States. For compliance with the Immigration Reform and Control Act of 1986, all new employees must complete the Employment Eligibility Verification Form I-9 and provide documentation establishing identity and authorization to work. E-Verify will be used for employment verification as part of the onboarding process.

We value integrity throughout our hiring process. Candidates will be asked to provide documentation confirming employment history, education, and work authorization.