Jeremiah M. Rivas
Cybersecurity, information systems risk, and emerging technology governance professional who has spent 15 years finding control failures at institutions that didn't know they had them and guiding them to build effective frameworks that ensure those problems aren't found twice.
San Diego, CA | jerrymrivas@protonmail.com
Profile
Cybersecurity and emerging technology risk professional with deep roots in financial institution examination and enterprise risk management. Progressed from auditing enterprise financial risk at the most complex federally insured institutions in the country to leading information systems security and emerging technology governance at the national level. CISSP and CNDA credentialed, combat veteran, and equally fluent in the language of the regulator, the technologist, and the boardroom. Experienced engaging senior leadership across the enterprise, building consensus on complex risk findings and translating them into action across business units and areas.
Core Competencies
Information Security Risk • Emerging Technology Governance • NIST AI RMF • NIST CSF / SP 800-53 • GLBA Compliance • Regulatory Policy Development • IT Risk Examination • Board-Level Advisory • Workforce Development • Cross-Agency Program Leadership
Experience
National Information Systems Officer
2019 – Present
National Credit Union Administration (NCUA) — Alexandria, VA
- Analyzes information security risk and emerging technology governance at federally insured financial institutions exceeding $10B in assets; leads examination teams assessing governance structures, risk management frameworks, and operational controls for safety, soundness, and regulatory compliance.
- Built a repeatable generative AI governance review program ahead of formal NCUA guidance, grounded in NIST AI RMF; applied across multiple large-institution examinations to assess emerging AI adoption and identify control gaps.
- During a routine examination, identified active cryptolocker ransomware and a banking Trojan — both undetected by institution staff — and directed containment before data loss or disruption occurred.
- Functions as regional and national subject matter expert on cybersecurity, IS examination methodology, and emerging technology risk — advising agency leadership, exam teams, and supervised institutions on complex issues with no established playbook.
Earlier NCUA Roles
2012 – 2019
Regional ISO (CU-14, Western Region) | Principal Examiner / IS&T Subject Matter Expert | Supervisory CUE Detail | Management Development Program
- Grounded in financial institution examination from 2010 forward — auditing capital, earnings, liquidity, and enterprise risk management before specializing in information systems; brings both the financial and technical lens to cybersecurity risk assessments that most IS practitioners lack.
- Progressed through successive examination and leadership roles; developed regional IS examination programs, authored policy and guidance documents adopted at the national level, and coordinated multi-agency review teams across institutions of varying complexity.
- Selected for NCUA's competitive Management Development Program; led agency-wide project to modernize the credit union chartering process — final recommendations briefed directly to the Deputy Executive Director and adopted across three agency divisions.
Financial Institution Specialist
2010 – 2012
Federal Deposit Insurance Corporation (FDIC) — New York, NY
- Safety and soundness examinations, CAMELS analysis, and participation in nine institution closings including one exceeding $11B in assets.
Administrative Non-Commissioned Officer
2004 – 2008
United States Marine Corps — Camp Pendleton, CA / Fallujah, Iraq (OIF)
- Performed administrative duties including casualty reporting and awards processing for seven infantry battalions and 13 separate companies across Al-Anbar Province while fulfilling convoy and security responsibilities in an active combat environment; maintained mission execution under continuous operational pressure in Fallujah during OIF (2006).
Education & Certifications
M.S. Administration
Central Michigan University | 2014
Minor: Leadership & Public Administration
B.S. Management / Marketing, Cum Laude
Park University | 2009
Spanish — Professional fluency, spoken and written
✓ CISSP — ISC2 #614610
✓ Certified Network Defense Architect (CNDA) — EC-Council