Job Description:
PRIMARY FUNCTION:
The Policy Analyst is a primary contributor to VACU’s Governance and Risk Program, assisting with the development, review, and maintenance of organizational policies, frameworks, methodologies, programs and processes. The Policy Analyst partners with business-unit process/risk owners and experts to ensure controls are in place and effective so that practices align with VACU’s risk appetite.
JOB DUTIES AND RESPONSIBILITIES:
- Establish, update and maintain enterprise policies and practices aligned with regulatory requirements and security/risk frameworks, and commensurate with the organization’s size and complexity.
- Ensure that developed policies, standards, and procedures reflect applicable regulatory requirements and supervisory guidance.
- Engage and collaborate with senior leaders, key stakeholders, and individuals across the businesses and functions on policy development, review, and implementation.
- Proactively identify improvement opportunities in the policy development and review processes.
- Collaborate with the Risk and Control Analyst to identify opportunities to align policies, procedures, and controls associated with products and processes to reduce risk throughout VACU.
- Support audits and exams by responding to requests for current policies.
- Keep abreast of changes to the regulatory landscape and evolving laws.
- Consistently apply industry best practices and recognized security and risk frameworks to the integration of policy, processes and technology to establish robust documentation providing appropriate direction and boundaries for employees.
- Collaborate with the policy and procedure owners throughout the organization to create, establish and maintain, to the extent feasible, consistency and compatibility throughout VACU.
- Partner with the policy owner to identify and resolve gaps and discrepancies between policies and procedures.
- Administer Policy Documentation Library (SharePoint).
- Other duties may be required and assigned by the supervisor.
- Comply with all VACU published policies and procedures.
- Report policy violations as required.
- Complete all required training as assigned.
JOB QUALIFICATIONS:
Knowledge and Experience:
- Significant, demonstrated direct experience creating and implementing written, standards-based policies and procedures in a highly regulated environment; financial services industry experience strongly preferred.
- Demonstrated experience supporting enterprise information management, enterprise risk management and/or general governance functions.
- Demonstrated experience in business or technical writing, including creation and implementation of formal policy and procedure documentation.
- Strong working knowledge of general banking practices, risks and internal controls, and related standards and regulations (e.g. NCUA, FFIEC, COSO, CFPB).
- Experience in gap analysis and identification of appropriate mitigation strongly preferred.
- Experience working in a fast-paced, compliance-oriented, risk management, service function.
- Demonstrated knowledge of IT controls and their application to policy/procedural development; familiarity with one or more of the following is a plus:
  - FFIEC and/or NCUA IT Handbooks and requirements;
  - Center for Internet Security’s Critical Security Controls (CIS CSC);
  - Payment Card Industry (PCI) standards; or
  - NIST Cybersecurity Framework.
Skills and Abilities:
- Advanced computer skills, including excellent proficiency with Microsoft Office applications (Word, Excel, Outlook); strong working knowledge of MS SharePoint, to include creating/editing/managing SharePoint Document Libraries.
- Excellent writing skills with ability to make complex information easily understood by all audiences.
- Strong written and verbal communication skills, including proper grammar and spelling.
- Interacts confidently, tactfully, and professionally across all levels of the organization, including upper management, technical teams, and employees at large.
- Ability to independently research, interpret, and apply regulatory requirements and industry-standard best practices to technical and business practices.
- Excellent analytical skills to identify gaps, trends, and applicability.
- Self-starter with excellent planning, documentation, and organizational skills.
- Proactive, flexible, diplomatic and resourceful in overcoming challenges, collaboratively crafting workable solutions and achieving value-driven outcomes.
Minimum Education:
- Bachelor's degree required, preferably in Risk Management, Business Management, Public Administration, Business Analytics, Information Management, or a related field; technical training, certifications, or prior work experience may be considered in lieu of bachelor’s degree.
- Demonstrated experience in business or technical writing, including creation and implementation of formal policy and procedure documentation.
- Relevant professional certification(s) in risk management or internal control (e.g. RIMS-CRMP, PMI-RMP, IIA-CIA, IIA-CRMA, COSO-ERM, CUNA-CUERME, etc.) beneficial.
PHYSICAL REQUIREMENTS:
- This job requires the ability to sit for long periods of time.
- This job requires occasional lifting or carrying of objects up to 20 pounds.