• Design, implement, and monitor risk limits for new products. Perform daily monitoring of Value-at-Risk (VaR), stress testing, and sensitivity analysis. • Collaborate with Engineering and Product teams to refine and stress-test our Margin engine, ensuring margin requirements accurately reflect cross-product offsets and tail risks. • Assist in the design and roll-out of the Enterprise Risk Management framework. This includes defining Risk Appetite Statements (RAS), maintaining the Risk Register, and developing Key Risk Indicators (KRIs) that span across the organization. • Act as the risk lead for the launch of new products, identifying unique risks associated with event-based binary outcomes and liquidity fragmentation. • Develop forward-looking scenarios (including "black swan" events) to assess the impact of market volatility on the firm’s capital and liquidity positions. • Support the wider Risk team in Operational Risk assessments, internal audits, and regulatory reporting requirements. • Build automated risk dashboards and reporting tools using SQL/Python to provide real-time insights to the Chief Risk Officer and Senior Management.

• Leads the execution of enterprise clinical data governance and integration strategies • Establish and maintain a comprehensive clinical data inventory inclusive of data sources, attributes, ingestion pathways, ownership, downstream use cases, and refresh cadence • Develop and maintain standardized business requirement templates for clinical data acquisition • Oversee governance activities related to acquisition opportunities and data quality performance, ensuring effective documentation, risk escalation, and decision-making • Identifies and recommends clinical data acquisition opportunities by reviewing emerging trends, regulatory changes, and competitive intelligence • Drive clinical data use cases from concept through implementation — including business case development, requirements definition, technical coordination, testing, deployment, value tracking, and post-implementation optimization • Partner with Enterprise IT and Data Engineering to prioritize ingestion pipelines and interoperability enhancements (e.g., HL7/FHIR) • Oversees performance monitoring related to clinical data vendors • Ensure governance guardrails are maintained to prevent fragmented, duplicative, or misaligned clinical data acquisition efforts across business units • Serve as liaison between business domains and enterprise governance forums to ensure alignment with broader enterprise data strategy • Lead and develop a team of analysts responsible for data profiling, reconciliation, acquisition evaluation, quality monitoring, and roadmap support.

Role Description KBR is seeking a Cybersecurity Risk Management Framework (RMF) Information System Security Officer (ISSO) to support the DHA Solution Delivery Division (SDD). In this role, you will lead Assessment & Authorization (A&A) activities and guide systems through the RMF lifecycle to achieve and maintain Authorizations to Operate (ATOs) for mission-critical medical systems. You will work closely with engineers, developers, and government stakeholders to ensure compliance with NIST, DoD, and DHA cybersecurity requirements while supporting continuous monitoring and risk management efforts. This 100% remote position requires availability during standard Eastern Time (ET) day shift hours. Join KBR to contribute directly to protecting critical healthcare systems supporting warfighters and their families. - Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities - Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness - Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies - Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews - Document and maintain evidence supporting control implementation and compliance - Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress - Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies - Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts Qualifications - Active DoD Secret security clearance - Bachelor’s degree in cybersecurity, information technology, or related field with 6+ years of experience; or 14+ years of relevant cybersecurity/IT experience in lieu of degree. - DoD Manual 8140.03 (formerly 8570.01)-compliant certification (e.g., Security+, CISSP, CASP+/SecurityX) - Demonstrated experience performing RMF activities as an ISSO/ISSM/SME, including ATO process support and RMF package development (Security Plans, POA&Ms, architecture diagrams, system security policies, etc.) - Demonstrated experience assessing and documenting NIST SP 800-53 controls - Experience using Microsoft Office applications: Word, PowerPoint, Excel, and SharePoint Requirements - Experience using eMASS or equivalent compliance-tracking application - Experience supporting RMF processes under DHA - Familiarity with ACAS and DISA STIGs/SRGs and tools such as STIG Viewer and SCAP Compliance Checker - Familiarity with Continuous Monitoring and Risk Scoring (CMRS) - Experience using Microsoft Project to build Integrated Master Schedules (IMS) Compensation $107,600.00 - $161,400.00. The salary range posted is based on the national average. The offered rate will be based on the contract affordability and the selected candidate’s location, knowledge, skills, abilities, and/or experience, and in consideration of internal parity. Benefits - KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match - Medical, dental, vision, life insurance, AD&D - Flexible spending account, disability, paid time off, or flexible work schedule - Support for career advancement through professional training and development

Role Description The Enterprise Risk Program Administrator supports the credit union’s enterprise-wide risk management efforts by coordinating activities related to: - Risk assessment - Compliance - Fraud prevention - Business continuity - Operational resilience - Information security - Vendor oversight The role ensures BHFCU maintains a strong risk posture, meets regulatory expectations, and strengthens organizational resilience through effective collaboration and program management. Essential Duties & Responsibilities - Risk Assessment & Monitoring - Conduct enterprise-wide risk assessments and maintain the risk register. - Monitor internal and external risk trends and identify emerging risks. - Perform gap reviews and analyze data from across the organization to identify potential risk exposures. - Prepare and deliver executive-level risk reporting, dashboards, and key risk indicator (KRI) updates. - Support the identification, assessment, and reporting of all major organizational risk categories in a consolidated, enterprise-wide manner. - Policy, Compliance & Governance Support - Draft, update, and maintain risk-related policies and procedures. - Support compliance reviews, regulatory assessments, and audit preparation. - Assist in remediation tracking and ensure documentation consistency across functions. - Contribute to defining risk appetite, tolerance, and alignment with strategic objectives. - Operational & Business Continuity Preparedness - Oversee business continuity and disaster recovery planning, testing, and documentation. - Facilitate incident response coordination and post-incident review activities. - Assist in scenario analysis, stress testing, and resilience planning across departments. - Information Security & Fraud Coordination - Support monitoring of security events, threats, and vulnerabilities in partnership with Information Security. - Participate in incident response activities and tabletop exercises. - Facilitate cross-departmental coordination on fraud risk prevention and reporting. - Cross-Functional Collaboration & Program Support - Serve as a central liaison across departments to ensure consistent risk practices. - Support the ongoing maturity and development of the Enterprise Risk Management (ERM) program. - Manage administrative and project-related tasks required to maintain an effective risk framework. Other Duties/Responsibilities - Establish and maintain the Enterprise Risk Management (ERM) program. - Develop and implement key risk indicators (KRIs) for each risk category. - Monitor adherence to KRIs relative to established risk appetite and tolerance. Qualifications - Bachelor’s degree preferred (not required) in Business, Finance, Risk Management, or related field (or equivalent experience). - 3-5 years of experience in risk management, compliance, fraud, project management or related functions. - Professional certifications in and related to Enterprise Risk Management (e.g., CRISC, CFE, CISM, CAMS) preferred. - Proficiency in Microsoft Office and risk management software. Requirements - Strong understanding of risk management, compliance, fraud prevention, and regulatory frameworks. - Excellent analytical, organizational, and communication skills. - Experience in policy writing, risk assessment, and incident response. - Ability to collaborate across departments and present complex information clearly. - Thorough understanding of the third-party risk oversight processes and the ability to develop program maturity enhancements. Benefits - Occasional travel to one of BHFCU’s branch locations or attendance at community events may be required. - Perform primarily sedentary work with limited physical exertion and occasional lifting of up to 5 lbs. - Must be capable of climbing/descending stairs in emergency situations. - Must be able to operate routine office equipment including telephone, copier, facsimile, and calculator. - Must be able to routinely perform work on computer for an average of 6-8 hours per day. - Must be able to work extended hours whenever required or requested by management. - Must be capable of regular, reliable and timely attendance.