Job Description

YOUR LIFE'S MISSION POSSIBLE

You have goals, dreams, hobbies and things you're passionate about.

What's Important to You Is Important to Us

We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them - friends, family and passions. And we're looking for team members who are passionate about our mission - making a difference in military members' and their families' lives. Together, we can make it happen.

Don't take our word for it.
• FORTUNE 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT
• FORTUNE® Best Workplaces for Millennials
• Forbes® America's Best Employers

IND123

Basic Purpose

To plan, direct and manage the analysis of Information Security risk management programs to effectively protect information systems assets and enable safe implementation of Navy Federal processes, products and services. Provide subject matter expertise and guidance to senior management and functional areas for the protection of information systems assets. Supervise the development of Information Security awareness campaigns and training.

Responsibilities

• Plan, identify, develop and manage the analysis of enterprise information security risk exposure associated with current and new business processes
• Lead cross-disciplinary teams to identify and assess information security risks for Navy Federal information systems and networks
• Lead the assessment of enterprise risk focusing on security control and protection of member and employee Personal Identifiable Information (PII)
• Partner with key stakeholders to plan and develop remediation plans to address outstanding control gaps and areas of noncompliance
• Ensure compliance with all regulatory agency regulations and applicable federal, state, and local laws to minimize risk
• Report to senior Security management regarding Navy Federal's Information Security posture and the status of remediation efforts to address control gaps and resolve areas of noncompliance
• Manage the Information Security Risk Register containing records of the outstanding control gaps, and areas of noncompliance with Information Security Instructions and Standards
• Assist in leading the planning, scheduling, budgeting, and resourcing of the Security Controls Improvement Program, Data Security Risk Mitigation Program and other projects focused on remediation of outstanding control gaps and areas of noncompliance
• Oversee Service Provider reviews performed on third parties with whom Navy Federal is considering doing business, and existing third parties with an established working relationship
• Evaluate controls of the service providers to ensure consistency with Navy Federal standards and do not introduce a level of risk not compatible with Navy Federal's risk appetite
• Manage the development and execution of service provider reviews to include clearly defined timelines and expectations with third party vendors to ensure adequate documentation is obtained for research and analysis
• Collaborate and build relationships with Procurement and business units with established relationships with the service provider; document and report on issues identified; communicate with stakeholders to determine if relationship should be pursued/continued
• Manage development and implementation of information system security policies, practices and standards
• Manage development of and implementation of information security education awareness training for members, employees, and contractors.
• Collaborate with leadership of other Information Security teams to ensure coordination and alignment with Information Security's strategic direction.
• Perform supervisory/managerial responsibilities JDR00000081
  - Ensure adequate/skilled staffing; select employees
  - Establish performance goals and priorities
  - Prepare, conduct, and review performance appraisals
  - Develop, mentor and counsel staff
  - Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
  - Ensure section/branch goals and objectives align with division/department strategy
  - Ensure efficiency of operations
  - Leadership Level
• Performs other related duties as assigned

Qualifications

• Bachelor's degree in Computer Science, Information Security, related fields or equivalent experience
• Significant experience with information security processes, concepts, principles, and methodologies
• Significant experience in Security policy and procedure development
• Significant experience in vendor risk management and oversight
• Significant experience in performing Risk Assessments
• Significant experience in working with all levels of staff, management, stakeholders, vendors
• Extensive experience in developing and maintaining enterprise risk programs focusing on information security
• Extensive experience in auditing principles and frameworks such as COSO, Cobit 4.1 and NIST and SANS
• Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS and other Information security requirements and frameworks
• Advanced knowledge of at least one industry-leading risk management framework
• Effective skill in results-oriented leadership in a challenging environment
• Advanced skill building effective relationships through rapport, trust, diplomacy and tact
• Ability to translate complex information security topics and threats into easily understood terms that can be incorporated into business requirements
• Advanced verbal and written skills
• Advanced organizational, planning and time management skills
• Advanced skill in producing desired results to achieve goals and objectives
• Advanced research, analysis and problem solving skills
• Effective skill in results-oriented leadership in a challenging environment
• Desired - Knowledge of Navy Federal's mission, objectives, functions and policies
• Desired - Experience in the financial services industry with a focus on information security and information technology
• Desired - Knowledge of information security risks and countermeasures
• Desired - Professional certification in the information security sector (CRISC, CISM, CISSP)
• Desired - Experience in audit information security assessment

Hours

Monday - Friday, 8:00am - 4:30pm

Location

820 Follin Lane, Vienna, VA 22180

Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership.

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.