Lead Analyst Information Security Controls Program

YOUR LIFE'S MISSION: POSSIBLE

You have goals, dreams, hobbies and things you're passionate about.

What's Important to You Is Important to Us
We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them-friends, family and passions. And we're looking for team members who are passionate about our mission-making a difference in military members' and their families' lives. Together, we can make it happen.

Don't take our word for it.

* Military Times 2021 Best for Vets Employers
* WayUp Top 100 Internship Programs
* Forbes 2021 The Best Employers for New Grads
* Forbes America's Best Employers
* Newsweek Top 100 Most Loved Workplaces
* 2021 People Companies that Care
* Fortune Best Workplaces for Women
* Fortune 100 Best Companies to Work For
* Fortune Best Workplaces for Millennials
* Computerworld Best Places to Work in IT

Basic Purpose

To serve as a lead technical expert for the Security Controls Program to ensure established controls are adhered to, and maintained across the enterprise. Provide oversight and leadership for Security Controls Program and related projects. Identify key stakeholders and support teams to build, manage and improve effective data security controls. Collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the Security Controls. Serve as subject matter expert for Information Security Controls. Work performed under limited supervision.

Responsibilities:
* Oversee the Security Controls Improvement Program and actions taken to remediate outstanding control gaps and areas of noncompliance
* Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance action
* Develop and maintain a thorough understanding of Information Security industry standards/trends, best practices, processes and technology; communicate information to team members
* Oversee the development of queries and reports
* Conduct analysis and evaluation of data security standards
* Analyze and monitor NFCU's Security posture and the status of remediation efforts
* Develop key performance metrics to ascertain if established Security Controls are adequate
* Partner with key stakeholders to plan and develop remediation plans
* Conduct planning, scheduling, budgeting, and resourcing for Security Controls projects
* Lead cross-functional teams to identify and assess security risks for NFCU information systems and networks; make recommendations to management
* Lead the assessment of enterprise risk focusing on security controls and protection of member and employee Personal Identifiable Information (PII); make recommendations to management
* Perform quality control audits of Analysts' work to ensure compliance with applicable federal and state laws, rules, regulations, and NFCU policies and procedures
* Maintain thorough knowledge of and ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
* Oversee and provide training to Analysts regarding procedures, protocols, standards and controls
* Assign and prioritize workload for Information Security Programs team
* Build and maintain effective relationships with team members, management, key stakeholders and/or external contacts, vendors, etc.
* Lead, guide, and mentor less experienced Analyst team members
* Perform other duties as assigned

Qualifications:
* Bachelor's degree in Computer Science, Information Security, or the equivalent combination of training, education, and experience
* Advanced knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
* Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
* Expert knowledge of project management processes and methodologies
* Extensive experience in information security processes, concepts, principles, and methodologies
* Experience in Security policy and procedure development
* Significant experience in auditing principles and frameworks such (e.g., COSO, Cobit, NIST, and SANS)
* Extensive experience in performing audit and information security risk assessments
* Extensive experience in working with all levels of staff, management, stakeholders, and vendors
* Extensive experience in creating, generating and maintaining data, reports, queries, etc.
* Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
* Expert research, analytical, and problem solving skills
* Expert skill presenting findings, conclusions, alternatives and information clearly and concisely
* Expert skill in producing desired results and achieving goals and objectives
* Expert organizational, planning, and time management skills
* Expert skill building effective relationships through rapport, trust, diplomacy, and tact
* Significant experience in leading, guiding and mentoring others
* Expert verbal and written communication skills
* Expert word processing and spreadsheet software skills
* Expert database and presentation software skills
* Advanced skill in results-oriented leadership in a challenging environment
* Exposure to the banking/financial services industry with a focus on Information Security and Information Technology
* Familiarity with information security risks and countermeasures
* Desired - Master's degree in Computer Science, Information Security, or related field
* Desired - Working knowledge of Navy Federal's mission, objectives, functions, and policies
* Desired - Experience in the financial services industry with a focus on information security and information technology
* Desired - Working knowledge of information security risks and countermeasures
* Desired - Professional certification in the information security sector (CRISC, CISM, CISSP, CISA)

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna VA 22180 | 5550 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

Salary: $109,900 - $187,900

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

*Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report onsite 4-16 days each month. The number of days reporting onsite will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

#LI-Remote

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

COVID-19 Vaccine Information

As a COVID-19 safety measure, our employees must either provide proof of COVID-19 vaccination or follow additional safety protocols, including testing.

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employee Referrals

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.