The Information Security Program Analyst II will work with Navy Federal business owners, third party resources and other key stakeholders to drive the information security maturity of Navy Federal’s third parties, as a part of the Information Security Third Party Risk Management (TPRM) program. This position is accountable for monitoring, analysis, and resolution of continuous monitoring solutions indicators as identified through Navy Federal's continuous monitoring program. The position will manage, monitor, and coordinate third party risk activities related to the intelligence.
• Analyzes third party intelligence data for risks applicable to Navy Federal
• Determines and executes third party and related stakeholder responses based on intelligence data, identified events, and defined thresholds
• Documents and maintains TPRM continuous monitoring procedures related to intelligence analysis, establishing threshold and engagement processes
• Evaluates continuous monitoring solutions, recommends best solutions to support the TPRM program strategy for third party oversight in accordance with industry standards and best practices
• Assists in creating and enforcing security standards and procedures as intelligence data inform evolving third party threats
• Identifies and analyzes potential risks/threats related to the supply chain; performs incident analysis to determine causes, possible solutions, and remedial actions required to ensure information security
• Analyzes and provides technical guidance supporting third party problem resolution related to intelligence analysis
• Participates in the research and development of proposals to enhance information security TPRM oversight best practices through review of industry continuous monitoring solutions
• Researches and maintains current knowledge regarding information security threats, issues, and trends to inform TPRM continuous monitoring solutions reviews
• Prepares third party cyber security hygiene and risk reports for third parties (individually, or a portfolio of third parties) to inform TPM stakeholder leadership risk management decisions
• Facilitates meetings with management and employees to educate staff about the TPRM continuous monitoring intelligence data
• Participates in special projects and task groups across department lines
• Leads, guides, and mentors other TPRM continuous monitoring intelligence analysts
• Serves as the TPRM continuous monitoring intelligence solutions and data subject matter expert
• Performs other related duties as assigned
Qualifications & Education Requirements:
• Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
• 1-3 years hands-on experience with third party continuous monitoring tools and risk intelligence (e.g., BitSight, SecurityScorecard, Normshield, etc.)
• 8 years or more experience in the field of cybersecurity (e.g., cyber security TPRM oversight assessments, application security, network security, cyber security audits)
• Expert knowledge in security best practices, principles and common security frameworks such as OWASP, NIST and ISO
• General knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
• Experience securing cloud infrastructure and applications
• Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing
• Advanced organizational, planning and time management skills
• Advanced communication, presentation and analytical skills
Desired:
• Advanced degree in Information Technology, or the equivalent combination of education, training or experience
• Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
• CISSP, CISM or other related Information Security certifications