The Principal, Information Security Governance & Risk Reporting supports Navy Federal Credit Union’s (NFCU) Information Security Division in effectively managing the Enterprise’s Information Security risk reporting to senior leadership, front office, and board level audiences. Responsible for the strategy, management and execution of information security reporting that adheres to Navy Federal policies, instructions and standards as required by the National Credit Union Administration (NCUA) 12 CFR Part 748, Appendix A requirement. The role will also create related content and agendas for risk forums with senior leadership and key risk stakeholders, facilitating risk conversations, identify outcomes and actions, and ensure follow-up for those actions with risk decision makers and performers. The role will also be responsible to create strategies to ensure full compliance with Part 748 Appendix A reporting obligations, including maintaining procedures to review and retain risk forum and board minutes for future regulator and internal audit inspection.
• Maintain documented strategies and procedures for risk reporting that assure all program components defined in 12 CFR Part 748 Appendix A are aligned to Navy Federal reporting and reported • Maintain awareness across all Information Security functional areas to inform risk writing and strategic compilation of reports and presentations on a variety of cyber security technical and risk projects • Work closely with domain subject matter experts and communications resources, including multi-media designers in collaboration to produce professional and accurate presentations • Draft and manage the completion of the Information Security Annual Report in collaboration with domain subject matter experts and communications resources • Identify special information security topics relevant to current cybersecurity threats to present to senior leadership and the board of directors, leveraging individual research, internal and external papers, and subject matter experts, and in collaboration with information security leadership • Maintain the procedures for board minutes review and perform board minutes review that assure key presentation topics were discussed and captured accurately for later regulatory and internal audit inspection • Review and analyze key performance and key risk indicator data as an output of the Information Security Metrics and Analytics team to identify performance and risk trends important to include in various senior leadership and board reporting • In partnership with Information Security communications, maintain a catalog of security data, reports and dashboards that can be tailored for audience (Board, Business Executives, CISO, technical, operational) and frequency to support scheduled and ad-hoc requests
Qualifications and Education Requirements:
• Strong presentation writing and creation skills (advanced Microsoft PowerPoint) • Highly independent, organized and able to work autonomously in a fast-paced and time sensitive setting to produce accurate and compelling reports • Bachelor's degree in Information Systems, Computer Science, Engineering, Business, Mathematics, Economics, or related field, or the equivalent combination of education, training, and experience • A minimum of 12-15 years of experience leading risk and/or compliance related activities in financial services or other relevant industry, especially Operational Risk Programs (or similar work) • Deep knowledge of federal banking safety and soundness regulations and extensive familiarity of CAMELS, FFIEC and examination approaches from NCUA, OCC, FHFA and the CFPB (or ability to quickly familiarize with these regulatory bodies as they related to Navy Federal • Advanced knowledge of information technology systems, project processes, and application development • Advanced organizational, planning and time management skills • Advanced research, analytical, and problem-solving skills • Advanced skill building effective relationships with all levels of staff, management, stakeholders, and vendors, through rapport, trust, diplomacy, and tact • Advanced verbal, written, interpersonal, and presentation skills to communicate clearly and concisely technical and non-technical information to all levels of management and a strong EQ • Effective skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes • Advanced skill exercising initiative and using good judgment to make sound decisions
Desired Qualifications and Education Requirements:
• Ability to achieve your CRISC, CISM, CISSP (or similar relevant certification) within 1 yr. or hire • Master’s degree in Information Systems, Computer Science, Engineering, or related field • Knowledge of industry leading risk management frameworks such as COSO, COBIT, NIST CSF, ITIL) • Knowledge of the PCI standards framework • Knowledge of at least one data protection and/or privacy framework (e.g. DMM, DMBOK, NIST Privacy Framework) • Working knowledge of the MITRE attack framework • Experience in the development of risk management frameworks along with the requisite implementation
Hours: Monday - Friday, 8:00am - 4:30pm
Location: 820 Follin Lane, Vienna, VA 22180
Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.
The salary range for this position is: $130,500 - $184,400
*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership*