Why You Will Love Being Part of the Navy Federal Team:
*Competitive compensation with opportunities for annual raises, promotions, and bonus potential
*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)
*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses
*Consistently Awarded Top Workplace
*Nationally recognized training department by TRAINING Magazine
*An employee-focused, diverse, and service-oriented workplace environment
To analyze and evaluate new and existing information security programs and procedures to protect corporate information systems assets from intentional or inadvertent modification, disclosure, or destruction. To develop and maintain policies, procedures and standards to control and manage information assets and meet corporate and regulatory requirements.
1. Analyzes and evaluates existing information security programs and procedures to protect corporate information systems assets from intentional or inadvertent modification, disclosure, or destruction.
• Documents and maintains information security programs and procedures to protect all information systems data, including mainframe, networks, and software applications
• Assists in creating and enforcing security standards, policies and procedures
• Reviews existing and proposed legislation and regulations related to information security
• Researches and maintains current knowledge regarding information security issues, trends, solutions and potential implications for Navy Federal
2. Performs risk assessments of business processes, systems and applications
• Analyzes and evaluates the design and operating effectiveness of Information technology and security controls that are in place
• Evaluates current business practices against regulatory and industry benchmarks
3. Performs assessments of new and existing vendors’ IT environments in protecting Navy Federal information assets from data compromise and/or identity theft.
• Communicates with internal Navy Federal personnel to understand the services and/or products being provided by the vendor
• Evaluates the security controls the vendors have in place
• Assesses a residual risk rating for the vendor based upon their control environment
• Communicates with vendor personnel throughout the review process
• Communicates status of reviews to Information Security management and internal business stakeholders
4. Assists with the education of staff on the requirements of information security and the efforts to improve information security awareness.
5. Performs other related duties as assigned.
QUALIFICATIONS -- KNOWLEDGE, SKILLS AND ABILITIES:
• Bachelor’s Degree in a related field or the equivalent combination of training, education, and experience
• Extensive experience in computer and information security assessment, administration, and management (3+ years)
• Extensive experience in the evaluation and assessment of security risks and controls in place around business processes, systems and applications. (3+ years)
• Extensive experience in the evaluation and assessment of security risks and controls in place at third party suppliers that access, process or store confidential data. (3+ years)
• Comprehensive knowledge and understanding of best practices, trends related to information security
• Comprehensive knowledge of information security regulations and legislations
• Formal project management experience which includes organization skills, managing strategy, project communications (internal and external to team), and planning and directing the work of participants
• Strong research, analytical, and problem solving skills
• Highly developed communication skills including preparing and presenting results, findings, recommendations and influencing management decision making based on the best available data
• Excellent writing skills with experience drafting Executive-level documents
• Knowledge of NCUA and FFIEC regulations, GLBA, NIST and other information security requirements and frameworks
• Advanced college degree in information security, cyber security, information technology, etc.
• Experience with security systems, assessment tools, and technical security
• Professional certification (CISSP, CISA, CRISC) or a reasonable expectation to obtain the certification
Monday-Friday, 8:00 am - 4:30 pm
Equal Employment Opportunity
Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability