The Data Security Event Management (“DSEM”) Program’s mission is to reduce the risk associated with the loss of member information and personally identifiable information (“PII”) of Navy Federal Credit Union (“NFCU”) employees. The InfoSec Data Security Event Lead will coordinate cross-Department review of internal and external data security events involving member or employee data to determine whether the event requires notice of data breach to government, state agencies, or individuals, and otherwise to identify areas for control enhancements related to cybersecurity and privacy. This role will also define and maintain the DSEM mission, strategy and procedures, including maintaining an appropriate system of record to manage event response activities and record outcomes. The resource will directly facilitate events through the defined process. The resource will report event status and aggregated metrics to Navy Federal stakeholders and leadership (including C-suite and Board levels).
• Define the mission, strategy, and processes for the DSEM function in alignment with legal, compliance, security, privacy, technology and business departments
• Maintain awareness of key cybersecurity, privacy, and compliance regulations related to data security event management requirements and best practices
• Facilitate data security events through the defined DSEM process
• Build and leverage cross-Department network of key stakeholders related to the DSEM process
• Perform investigations and formulate informed opinions to speed event resolution and closure
• Based upon events and DSEM program strategy, prepare agendas for and facilitate periodic DSEM Council meetings, record minutes, and capture and drive meeting outcomes and actions
• Ensure DSEM event risk level designations are consistent with the Enterprise Risk Management (ERM) residual risk model and with regulatory and industry guidance with respect to potential “risk of harm”
• Partner with the security operation center to support enterprise incident response
• Provide input into the computer incident response management standard related to the DSEM function
• Maintain cross-Department work flows with documented roles and responsibilities, including triggers to notify relevant stakeholders during events
• Provide input into InfoSec security awareness training related to the DSEM function so that all employees and contingent workers are familiar with how to report data security events
• Contribute to a culture of collaboration by actively working across business lines and sharing knowledge
• Prepare DSEM monthly, quarterly and ad hoc reports for C-suite and Board audiences
• Perform other duties as assigned
Qualifications and Education Requirements:
• Bachelor’s degree in a related field or the equivalent combination of education, training, and/or experience
• Familiarity with information security, privacy, and fraud data breach investigations, ascertaining applicability to potential regulatory impacts
• Ability to correlate, or support lines of businesses to correlate, underlying operational process root causes that led to breach events to recommend enhancements to avoid similar, future events
• Demonstrated leadership skills and the ability to guide others and prioritize multiple duties to achieve results in a multi-tasked, time-sensitive office environment
• Extensive experience managing multi-dimensional teams and projects which involve complex organizations, facilitating strategy and status meetings, planning, motivating, and managing the work of participants
• Strong problem-solving and decision-making skills and the ability to work independently and exercise sound judgment
• Microsoft Word, Excel, PowerPoint, Visio, and SharePoint knowledge
• Ability to communicate complex technical concepts to non-technical audiences
• Ability to present findings, conclusions, alternatives and information clearly and concisely
• Ability to lead with diplomacy and tact while maintaining appropriate assertiveness and persistence
• High level of knowledge and experience relevant to security domain, including fraud terminology, trends, and applicability to regulatory requirements
• Working knowledge of banking/financial industry trends, products and services
• Significant experience collaborating across organizational boundaries and building partnerships across functions
Desired Qualifications and Education Requirements:
• Working knowledge of information security, privacy and risk frameworks (NIST 800-53, NIST CSF, NIST Privacy Framework, PCI, ISO 27000 series, COBIT, HiTRUST)
• Working knowledge of information security and privacy related regulatory requirements that apply to credit unions
• Information Security related certifications such as CISSP, CISM, GSEC, CompTIA Security+
• Risk management or regulatory compliance certification such as ICBBR, FRM, or NCCO
• Knowledge of Navy Federal's functions, philosophy, products, and services
*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership*