To serve as a technical expert for the Information Security third party risk management team to ensure established controls are adhered to and maintained across the enterprise’s third party footprint. Provide oversight and leadership, and function as a lead analyst for the third party assessment program and related projects. Identify key stakeholders and support teams to build, manage and improve effective third party oversight. Collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the Information Security third party risk management function. Serve as subject matter expert for Information Security third party risk management performed under limited supervision.
• Conducts efficient, high quality third party risk assessments for complex third-party relationships
• Analyzes third party questionnaire responses, evidence, or external audit reports to confirm third party compliance with control expectations
• Produces professionally written reports and executive summaries of third party assessment results
• Facilitates meetings with management, employees, and third parties to educate on Information Security third party risk management processes, conduct assessments or follow up conversations, and communicate results
• Maintains thorough knowledge of and ensures compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
• Builds and maintains effective relationships with team members, management, key stakeholders and/or external contacts, vendors, etc.
• Reviews third party remediation actions taken to address outstanding control gaps and areas of noncompliance
• Keeps current with Information Security best practices and industry trends, and communicates/applies these practices to policy improvements and compliance actions
• Develops and maintains a thorough understanding of Information Security industry standards/trends, best practices, processes and technology; communicates information to team members
• Maintains a continuous process improvement work environment, recommending and implementing new/improved systems in accordance with industry standards and best practices
• Works independently with limited guidance from others
• Performs other duties as assigned
• Experience in the financial services industry with a focus on information security and information technology
• At least 5 years of experience in information security processes, concepts, principles, and methodologies
• Experience in performing audit and information security risk assessments on third parties
• Knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
• Knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
• Experience that demonstrates knowledge of information security analysis and design techniques
• Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack pathologies
• Effective planning and organizational skills
• Effective research, analytical and problem solving skills
• Effective verbal, written and interpersonal communication skills, including skill in negotiating and persuading others
• Ability to present findings and conclusions clearly and concisely
• Experience in working with all levels of staff, management, stakeholders, and vendors
• Skill in building effective relationships through rapport, trust, diplomacy, and tact
• Strong word processing and spreadsheet software skills
• Bachelor’s Degree in business, information systems or related field
• CISSP, CISA, CCSP or other Information Security certifications
• Knowledge of Navy Federal operations
Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.
The salary range for this position is: $80,800 - $139,400
Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership.