Operational Risk Management

About The Position

Requirements

• Understanding of and ability to articulate the three lines of defense model
• Ability to articulate the distinction between risk, issue, and event
• Experience in the credit union or financial services industry with a focus on regulatory frameworks, information security assessments, and remediation activities
• Effective planning and organizational skills
• Effective research, analytical, and problem-solving skills
• Strong verbal, written, and interpersonal communication skills, including technical writing
• Ability to present findings and conclusions clearly and concisely
• Experience working with all levels of staff, management, stakeholders, and third parties
• Ability to build effective relationships through rapport, trust, diplomacy, and tact
• Strong word processing and spreadsheet software skills

Nice To Haves

• Knowledge of NCUA, FFIEC, GLBA, and NIST standards (including the Cyber Security Framework and 800 Series)
• Bachelor's degree in business, information systems, or related field, or equivalent work or military experience

Responsibilities

• Attend meetings with stakeholders within IT and across the organization to assess and encourage the submission of issues impacting information security
• Aid in the development of action plans and ensure those plans address the root cause of identified issues
• Review evidence packages to confirm successful remediation of issues; prior audit experience is a plus
• Leverage various communication channels and conduct meetings to obtain required information
• Demonstrate familiarity with GRC tools, especially the Logic Manager platform
• Support metrics and reporting around issues and event processes
• Aid business units in understanding issue management practices and procedures
• Keep current with information security best practices and industry trends, and communicate and apply these practices to policy improvements and compliance actions
• Perform other duties as assigned