Lead Information Security Third Party Risk Analyst

Company: Navy Federal Credit Union
Location: Pensacola
Posted on: January 26, 2023

Job Description:

YOUR LIFE'S MISSION: POSSIBLEYou have goals, dreams, hobbies and things you're passionate about.What's Important to You Is Important to UsWe're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them-friends, family and passions. And we're looking for team members who are passionate about our mission-making a difference in military members' and their families' lives. Together, we can make it happen.Don't take our word for it.--- Military Times 2021 Best for Vets Employers--- WayUp Top 100 Internship Programs--- Forbes - 2022 The Best Employers for New Grads--- Forbes - America's Best Employers--- Newsweek Top 100 Most Loved Workplaces--- Fortune Best Workplaces for Women--- Fortune 100 Best Companies to Work For ---- Computerworld - Best Places to Work in ITBasic PurposeLead information security oversight and monitoring of Navy Federal third parties; monitor the evaluation of third-party security programs, procedures, controls, and information systems; validate the identification and reporting of third-party technical control gaps and risks; and monitor and validate third party finding remediation progress. Applies full range of specialized skills and job knowledge and frequently adapts procedures, techniques, tools, materials, and/or equipment to meet specialized needs. Work is performed under general direction.Responsibilities--- Conduct reviews of Navy Federal third-party information security programs, procedures, and information systems--- Ability to travel 25-50% to perform on-site assessments, as needed--- Analyze technical intelligence data and reporting and identification of information security concerns related to third party control environments--- Monitor program workflow and requests and assign tasks and responsibilities to program analysts--- Monitor the performance of risk assessments and security testing of Navy Federal third parties conducted by program analysts--- Lead the performance of third-party finding remediations and monitor lower-level staff review of third-party remediation responses and evidence to confirm third party compliance with Navy Federal information security control expectations--- Lead program governance processes including creation and publishing of program documentation, maintenance of repositories, and response to audit and exam requests--- Monitor analyst and program performance metrics for compliance with defined program thresholds, targets, and SLAs--- Lead continuous improvement of the InfoSec TPRM program; identify opportunities to improve or enhance the program--- Conduct quality control reviews of lower-level staff work, analysis, documentation, and deliverables--- Participate in and lead Agile scrum activities supporting the delivery of program enhancements and projects--- Provide feedback, training, and support to lower-level staff--- Develop and propose key program performance and risk metrics--- Build and maintain strong relationships with team members, leadership, key business unit stakeholders, and third parties--- Maintain expert knowledge of information security best practices and industry trends, and apply them to process and policy improvements and compliance actions--- Perform other related duties as assignedQualifications--- Bachelor's degree in Computer Science, Information Security, or related field, or the equivalent combination of training, education, and experience--- Hands on experience conducting third risk party assessments and finding remediations based on program volumes or for highly visible and/or most complex requests--- Evaluate the design and implementation of third-party technical controls--- Identify ineffective, inadequate, or absent third-party security controls and quantification of risk to Navy Federal--- Advanced knowledge of applicable federal and state laws, rules and regulations such as the Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)--- Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks--- Knowledge of or experience in auditing principles and frameworks such as COSO, COBIT, NIST, and SANS--- Experience with Agile processes, methodologies and journey mapping.--- Experience in information security processes, concepts, principles, and methodologies--- Significant experience in performing audit and information security risk assessments--- Significant experience in working with all levels of staff, management, stakeholders, and vendors--- Significant experience in creating, generating, and maintaining data, reports, queries, etc.--- Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals--- Expert research, analytical, and problem-solving skills--- Expert skill presenting findings, conclusions, alternatives, and information clearly and concisely--- Expert skill in producing desired results and achieving goals and objectives--- Expert organizational, planning, and time management skills--- Expert skill building effective relationships through rapport, trust, diplomacy, and tact--- Significant experience in leading, guiding, and mentoring others--- Expert verbal and written communication skills--- Exposure to the banking/financial services industry with a focus on Information Security and Information Technology--- Familiarity with information security risks and countermeasures--- Expert skill analyzing and organizing problems or work processes for technical solutionsHours: Monday - Friday, 8:00AM - 4:30PMLocation: 820 Follin Lane, Vienna, VA 22180 - 5550 Heritage Oaks Dr. Pensacola, FL 32526 - 141 Security Dr. Winchester, VA 22602Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and on boarding process.Salary Range: $101,000 - $185,200 annuallyNavy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.Posting End Date: 2/23/23Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume.Equal Employment OpportunityNavy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/DisabilityDisclaimerNavy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.Bank Secrecy ActRemains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.Employee ReferralsThis position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

Keywords: Navy Federal Credit Union, Pensacola , Lead Information Security Third Party Risk Analyst, Professions , Pensacola, Florida