To serve as a lead technical expert for the Information Security Controls Program to ensure established controls are adhered to and maintained across the enterprise. Provide oversight and leadership for the Security Controls Program and related projects. Identify key stakeholders and support teams to build, manage and improve effective data security controls. Collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the Security Controls. Serve as subject matter expert for Information Security Controls. Work performed under limited supervision.
• Oversee the Security Controls Improvement Program and actions taken to remediate outstanding control gaps and areas of noncompliance
• Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions
• Develop and maintain a thorough understanding of Information Security industry standards/trends, best practices, processes and technology; communicate information to team members
• Oversee the development of queries and reports
• Conduct analysis and evaluation of data security standards
• Manage the Information Security Risk Register containing records of outstanding control gaps, and areas of noncompliance with Information Security Instructions and Standards, both internal to Navy Federal and external to service providers
• Analyze and monitor NFCU’s Information Security posture and the status of remediation efforts
• Develop key performance metrics to ascertain if established Information Security Controls are adequate
• Partner with key stakeholders to plan and develop remediation plans
• Conduct planning, scheduling, budgeting, and resourcing for Information Security Controls projects
• Lead cross-functional teams to identify and assess information security risks for NFCU information systems and networks; make recommendations to management
• Lead the assessment of enterprise risk focusing on security control and protection of member and employee Personal Identifiable Information (PII); make recommendations to management
• Conduct service provider reviews
• Oversee vendor relationships to ensure product, service, and quality meet and/or exceed expectations and contract requirements
• Conduct Security Exception reviews to ensure compliance with Information Security Standards; identify and resolve issues - Most Complex/Unusual
• Perform quality control audits of Analysts’ work to ensure compliance with applicable federal and state laws, rules, regulations, and NFCU policies and procedures
• Maintain thorough knowledge of and ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
• Oversee and provide training to Analysts regarding procedures, protocols, standards and controls
• Assign and prioritize workload for Information Security Programs team
• Build and maintain effective relationships with team members, management, key stakeholders and/or external contacts, vendors, etc.
• Lead, guide and mentor less experienced Analyst team members
• Perform other duties as assigned
• Bachelor’s degree in Computer Science, Information Security, or the equivalent combination of training, education, and experience
• Advanced knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
• Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
• Expert knowledge of project management processes and methodologies
• Extensive experience in information security processes, concepts, principles, and methodologies
• Experience in Security policy and procedure development
• Significant experience in auditing principles and frameworks (e.g., COSO, Cobit 4.1, NIST, and SANS)
• Extensive experience in performing audit and information security risk assessments
• Extensive experience in working with all levels of staff, management, stakeholders, and vendors
• Extensive experience in creating, generating and maintaining data, reports, queries, etc.
• Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
• Expert research, analytical, and problem solving skills
• Expert skill presenting findings, conclusions, alternatives and information clearly and concisely
• Expert skill in producing desired results and achieving goals and objectives
• Expert organizational, planning, and time management skills
• Expert skill building effective relationships through rapport, trust, diplomacy, and tact
• Significant experience in leading, guiding and mentoring others
• Expert verbal and written communication skills
• Expert word processing and spreadsheet software skills
• Expert database and presentation software skills
• Advanced skill in results-oriented leadership in a challenging environment
• Exposure to the banking/financial services industry with a focus on Information Security and Information Technology
• Familiarity with information security risks and countermeasures
• Desired – Master’s degree in Computer Science, Information Security, or related field
• Desired – Working knowledge of NFCU’s mission, objectives, functions, and policies
• Desired – Experience in the financial services industry with a focus on information security and information technology
• Desired – Working knowledge of information security risks and countermeasures
• Desired – Professional certification in the information security sector (CRISC, CISM, CISSP)
Hours: Monday - Friday, 8:00am - 4:30pm
Location: 820 Follin Lane, Vienna, VA 22180
*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership*