Senior Business Risk Control Analyst

VyStar Credit UnionJacksonville, FL

About The Position

The Senior Business Risk Control Analyst is an experienced contributor within the Enterprise Risk Management (ERM) function, operating as part of the Second Line of Defense (2LoD). This role provides independent assurance and governance support over the design and operating effectiveness of internal controls across the credit union and contributes to the ongoing maturity of enterprise risk governance practices. In addition to executing risk-based control testing, this role supports ERM governance activities, methodologies, standards, and reporting, ensuring consistency with the organization’s ERM framework, risk appetite, and regulatory expectations. The role does not own or execute controls and maintains independence from first line operational activities. Testing and oversight span all major risk categories, including Credit, Interest Rate Risk (IRR), Liquidity, Operational/Transaction, Compliance, and Strategic Risk, as well as controls supporting technology enabled processes, including IT, cybersecurity, cloud, digital, or system-based operations, where applicable.

Requirements

  • Bachelor’s degree required; advanced degree preferred
  • Equivalent combination of education and experience will be considered
  • 4+ years of experience in enterprise risk management, second‑line control assurance, internal audit, or compliance testing within financial services.
  • Demonstrated experience operating in a Second Line of Defense role, including governance and oversight responsibilities.
  • Strong experience conducting control testing, RCSAs, issue management, and remediation validation.
  • Experience with controls supporting technology‑enabled processes, with exposure to one or more of the following: Information Technology Cybersecurity Cloud or third‑party technology environments Digital platforms or system‑enabled business processes
  • Strong understanding of ERM frameworks, risk and control methodologies (e.g., COSO, Three Lines of Defense), and governance practices.
  • Working knowledge of financial services regulatory expectations.
  • Advanced analytical skills with the ability to synthesize results into enterprise‑level risk insights.
  • Advanced proficiency in Excel and data analysis tools.
  • Excellent written and verbal communication skills, including experience supporting management or governance‑level reporting.
  • Demonstrated experience in conflict resolution management and ability to effectively challenge at all levels of management and influence business outcomes.
  • Ability to effectively work with both internal and external partners in a highly collaborative environment.
  • Ability to communicate complex concepts and findings in a clear and concise manner.
  • Ability to assist with multiple projects, work in fast-paced environment and meet deadlines
  • Maintains professional composure, objectivity and fairness when dealing with conflict or sensitive matters.
  • Ability to travel as needed to successfully perform position responsibilities.
  • Excellent ability to rely on experience and judgment to plan and accomplish various goals and objectives and to produce high quality materials within tight time limits.

Nice To Haves

  • Advanced degree preferred
  • Professional certifications (e.g., CRISC, CISA, CIA, CISSP) are a plus.

Responsibilities

  • Serve as a senior Second Line of Defense (2LoD) subject matter resource for control testing, assurance practices, and risk governance.
  • Exercise independent challenge and credible oversight of first‑line risk identification, control design, and remediation effectiveness.
  • Function as a trusted partner to ERM leadership in risk governance activities, including committee reporting, escalation practices, and issue management oversight.
  • Lead the development and maintenance of testing standards, methodologies, and quality expectations.
  • Reinforce strong risk ownership and accountability, maintaining clear separation from control ownership while reinforcing accountability and effective risk ownership across the organization.
  • Lead & oversee end-to-end, risk‑based control testing engagements, including planning, walkthroughs, scoping, sample selection, evidence evaluation, and documentation.
  • Direct assessments of control design adequacy and operating effectiveness, including manual, automated, and IT‑dependent controls.
  • Apply and guide the use of quantitative and statistical sampling techniques to support objective, defensible conclusions.
  • Interpret and synthesize testing outcomes to identify control weaknesses, root causes, trends, and systemic issues, including recurring themes.
  • Own independent validation of remediation efforts through follow‑up testing and evidence‑based confirmation.
  • Drive execution of the development and execution of the annual ERM risk‑based control testing plan.
  • Own and continuously enhance testing methodologies, standards, templates, and documentation guidance.
  • Lead preparation materials and analysis for risk governance committees, management, regulators, and internal audit.
  • Influence risk ratings, issue severity, and escalation considerations.
  • Champion consistent application of ERM practices across control testing, issue management, and reporting.
  • Function as a senior independent advisor by providing objective insights into control effectiveness and residual risk exposure.
  • Provide credible challenge and guidance to business leaders, Compliance, Information Security, Finance, and Internal Audit to identify opportunities to enhance control design, automation, and monitoring, while preserving 2LoD independence.
  • Lead coordination across assurance functions to reduce duplication and strengthen enterprise risk oversight.
  • Perform other duties as assigned.
  • Mentor and influence peers and stakeholders, elevating risk and control maturity through thought leadership and constructive challenge.
  • All employees and business units, as first line of defense, are expected to proactively help identify, assess, manage, and report risks within their domain of work.
  • To enhance a healthy risk culture and support our growth for good pillar, employees will maintain vigilance in safeguarding our operations while ensuring compliance with regulatory mandates.
  • The Risk team serves as the second line of defense by providing risk oversight and credible challenge whereas the Audit team serves as the third line of defense by providing risk assurance.
  • Perform other duties as assigned.
  • Incumbent is expected to demonstrate each of the following VyStar Excellence behaviors in performing the duties and responsibilities of their job: Focus - Focus your full attention by carefully listening to and observing client or member. Connect - Consistently be friendly and approachable. Demonstrate your care. Understand - Listen empathetically and ask questions (70%/30% rule). Counsel - Recommend solutions based on your member’s needs and objectives. Advance - Ensure that member’s expectations were exceeded. Verify necessary follow-up actions.

Benefits

  • competitive pay
  • an excellent benefit package that includes a 401(k) Plan
  • an extensive paid technical and on-the-job training program
  • tuition reimbursement--available to all full and part time employees
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service