Senior Technical Risk Analyst
Navy Federal • Pensacola, Florida • Full Time
Posted on Thu, Jul 2, 2026
Navy Federal Credit Union currently does not provide sponsorship for this role. Applicants must be authorized to work in the United States without the need for current or future sponsorship.
Responsible for assessing and managing technical risks across the organization’s IT and operational environments. Works closely with cross-functional teams to identify and analyze emerging technology risks, implement risk management strategies, and maintain compliance with industry standards and regulations. Plays a key role in developing frameworks for risk identification, reporting, mitigation, and control. Responsible for understanding the technological landscape, implementing risk management frameworks, and ensuring that the organization adheres to industry standards and regulatory requirements. Work under minimal supervision and use complete understanding of business needs and objectives to support projects that have impact on the achievement of operational goals. Advanced skill set and proficiency with procedures and techniques.
Responsibilities
- Lead efforts to identify technical risks related to IT infrastructure, applications, systems, and data
- Perform detailed risk assessments of IT projects, vendors, and systems to identify vulnerabilities and potential threats
- Analyze new technologies and business processes to determine associated risks
- Stay informed about emerging cybersecurity threats and vulnerabilities that could affect the organization
- Develop and implement risk management frameworks, policies, and procedures
- Prioritize risks based on business impact, and work with stakeholders to design and implement mitigation strategies
- Work with IT and business teams to embed risk management into technology projects, operational processes, and product development
- Manage the remediation of technical vulnerabilities and track risk reduction efforts
- Ensure that risk management processes align with internal policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, GDPR, SOX, etc.)
- Lead internal and external audits by providing risk assessments, compliance reports, and documentation
- Partner with compliance and legal teams to monitor adherence to regulatory changes impacting technology risks
- Lead or assist in investigating technical incidents and breaches, conducting root cause analyses, and recommending corrective actions
- Collaborate with security and IT teams to develop response strategies for cybersecurity incidents
- Prepare and present post-incident reports and lessons learned to management
- Prepare and present regular reports to senior management and stakeholders on the status of technical risks, trends, and mitigation efforts
- Maintain accurate and comprehensive documentation of all risk assessments, controls, and mitigation strategies
- Assist in the creation of technical risk dashboards for ongoing monitoring
- Act as a subject matter expert on technical risk and provide guidance to other teams across the organization
- Facilitate workshops and training sessions to enhance risk awareness and promote best practices
- Collaborate with internal teams such as IT, cybersecurity, compliance, legal, and audit to ensure a cohesive approach to risk management
- Continuously evaluate and enhance risk management frameworks and tools
- Monitor the evolving threat landscape and emerging technologies to update risk strategies and frameworks accordingly
- Promote a culture of risk awareness and proactive risk management throughout the organization
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, Risk Management, or a related field or equivalent combination of training, education and experience
- 8+ years of experience in IT audit, internal/external audit, risk management, or security controls testing
- Strong experience with IT General Controls (ITGCs), control frameworks, and audit methodologies (SOX or internal audit)
- Complete knowledge and understanding of business area/specialization
- Experience in technical risk management, cybersecurity, or IT governance
- Hands-on experience with risk assessments, risk frameworks, and mitigation strategies
- Proven experience in managing and mitigating cybersecurity risks
- Advanced knowledge of risk management principles, frameworks (e.g., ISO, NIST, COSO), and regulatory compliance requirements
- Advanced understanding of IT systems, network architecture, cloud technologies, and cybersecurity
- Excellent analytical, problem-solving, and decision-making skills
- Strong interpersonal and communication skills, with the ability to convey complex risk concepts to non-technical stakeholders
- Experience in working with incident management, disaster recovery, and business continuity planning
- Ability to work in a fast-paced environment with tight deadline
Desired Qualifications
- Master’s Degree in related field or equivalent combination of training, education and experience
- Professional certifications such as CISA, CISSP, CRISC, CPA, or similar
- Experience with GRC tools such as ServiceNow or LogicManager
- Knowledge of Enterprise Risk Management (ERM) frameworks and risk taxonomy
- Experience leading cross-functional projects and mentoring team members
- Experience supporting regulatory exams or acting as a primary liaison for auditors
Experience improving audit efficiency and standardizing testing approaches
Additional Information
Hours:
- Monday - Friday, 8:00AM - 4:30PM
Location:
- 820 Follin Lane, Vienna, VA 22180
- 5510 Heritage Oaks Drive, Pensacola, FL 32526
- 141 Security Drive, Winchester, VA 22602