Controls Testing Analyst

Summary

Join Navy Federal Credit Union as an Analyst, Security Program Strategy Controls Assurance! This remote role focuses on asset-based testing of IT and information security controls. You will plan, execute, and report on testing, working with business partners and stakeholders in an Agile environment. Responsibilities include developing assessment plans, performing walkthroughs, creating test strategies, documenting work, and presenting findings to leadership. The ideal candidate possesses experience in control testing, audit, and information security risk assessments, along with knowledge of relevant regulations and frameworks. A bachelor's degree and relevant certifications are required.

Requirements

• Experience in control testing to include experience in some of the three lines of defense (Audit, ERM, First Line areas)
• Experience in audit and information security risk assessments
• Knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
• Knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 Series), ISO 27001/27002, SANS/CIS 20, PCI DSS, and other Information Security requirements and frameworks
• Experience in working with all levels of staff, management, stakeholders, and third parties
• Effective planning and organizational skills
• Effective research, analytical and problem solving skills
• Strong verbal, written and interpersonal communication skills, including technical writing
• Bachelor Degree in business, information systems or related field or equivalent work/military experience
• CISSP, CISA, CCSP, CRISC or other Information Security certifications
• Ability to present findings and conclusions clearly and concisely
• Ability to build effective relationships through rapport, trust, diplomacy, and tact
• Strong word processing and spreadsheet software skills

Responsibilities

• Planning & Scoping of Asset Based Assessments to include development of communications, risk & control matrices, scope documents and other supporting information
• Perform walk-throughs with business partners identifying actual versus expected controls
• Create test strategies to test actual controls
• Document all work performed to meet the IIA reperformance standard
• Document issues and final reports
• Present to leadership results of assessments
• Any other duties as assigned to support the program