Lead Information Security Third Party Risk Analyst
Company: Navy Federal Credit Union
Location: Pensacola
Posted on: January 26, 2023
|
|
Job Description:
YOUR LIFE'S MISSION: POSSIBLEYou have goals, dreams, hobbies and
things you're passionate about.What's Important to You Is Important
to UsWe're looking for people who not only want to do meaningful,
challenging work, keep their skills sharp and move ahead, but who
also take time for the things that matter to them-friends, family
and passions. And we're looking for team members who are passionate
about our mission-making a difference in military members' and
their families' lives. Together, we can make it happen.Don't take
our word for it.--- Military Times 2021 Best for Vets Employers---
WayUp Top 100 Internship Programs--- Forbes - 2022 The Best
Employers for New Grads--- Forbes - America's Best Employers---
Newsweek Top 100 Most Loved Workplaces--- Fortune Best Workplaces
for Women--- Fortune 100 Best Companies to Work For ----
Computerworld - Best Places to Work in ITBasic PurposeLead
information security oversight and monitoring of Navy Federal third
parties; monitor the evaluation of third-party security programs,
procedures, controls, and information systems; validate the
identification and reporting of third-party technical control gaps
and risks; and monitor and validate third party finding remediation
progress. Applies full range of specialized skills and job
knowledge and frequently adapts procedures, techniques, tools,
materials, and/or equipment to meet specialized needs. Work is
performed under general direction.Responsibilities--- Conduct
reviews of Navy Federal third-party information security programs,
procedures, and information systems--- Ability to travel 25-50% to
perform on-site assessments, as needed--- Analyze technical
intelligence data and reporting and identification of information
security concerns related to third party control environments---
Monitor program workflow and requests and assign tasks and
responsibilities to program analysts--- Monitor the performance of
risk assessments and security testing of Navy Federal third parties
conducted by program analysts--- Lead the performance of
third-party finding remediations and monitor lower-level staff
review of third-party remediation responses and evidence to confirm
third party compliance with Navy Federal information security
control expectations--- Lead program governance processes including
creation and publishing of program documentation, maintenance of
repositories, and response to audit and exam requests--- Monitor
analyst and program performance metrics for compliance with defined
program thresholds, targets, and SLAs--- Lead continuous
improvement of the InfoSec TPRM program; identify opportunities to
improve or enhance the program--- Conduct quality control reviews
of lower-level staff work, analysis, documentation, and
deliverables--- Participate in and lead Agile scrum activities
supporting the delivery of program enhancements and projects---
Provide feedback, training, and support to lower-level staff---
Develop and propose key program performance and risk metrics---
Build and maintain strong relationships with team members,
leadership, key business unit stakeholders, and third parties---
Maintain expert knowledge of information security best practices
and industry trends, and apply them to process and policy
improvements and compliance actions--- Perform other related duties
as assignedQualifications--- Bachelor's degree in Computer Science,
Information Security, or related field, or the equivalent
combination of training, education, and experience--- Hands on
experience conducting third risk party assessments and finding
remediations based on program volumes or for highly visible and/or
most complex requests--- Evaluate the design and implementation of
third-party technical controls--- Identify ineffective, inadequate,
or absent third-party security controls and quantification of risk
to Navy Federal--- Advanced knowledge of applicable federal and
state laws, rules and regulations such as the Federal Financial
Institutions Examination Manual (FFIEC), National Information of
Standards and Technology (NIST), and International Standards
Organization (ISO)--- Advanced knowledge of NCUA, FFIEC, GLBA, ISO
27001/27002, SANS20, PCI DSS, and other Information security
requirements and frameworks--- Knowledge of or experience in
auditing principles and frameworks such as COSO, COBIT, NIST, and
SANS--- Experience with Agile processes, methodologies and journey
mapping.--- Experience in information security processes, concepts,
principles, and methodologies--- Significant experience in
performing audit and information security risk assessments---
Significant experience in working with all levels of staff,
management, stakeholders, and vendors--- Significant experience in
creating, generating, and maintaining data, reports, queries,
etc.--- Significant experience in managing multiple priorities
independently and/or in a team environment to achieve goals---
Expert research, analytical, and problem-solving skills--- Expert
skill presenting findings, conclusions, alternatives, and
information clearly and concisely--- Expert skill in producing
desired results and achieving goals and objectives--- Expert
organizational, planning, and time management skills--- Expert
skill building effective relationships through rapport, trust,
diplomacy, and tact--- Significant experience in leading, guiding,
and mentoring others--- Expert verbal and written communication
skills--- Exposure to the banking/financial services industry with
a focus on Information Security and Information Technology---
Familiarity with information security risks and countermeasures---
Expert skill analyzing and organizing problems or work processes
for technical solutionsHours: Monday - Friday, 8:00AM -
4:30PMLocation: 820 Follin Lane, Vienna, VA 22180 - 5550 Heritage
Oaks Dr. Pensacola, FL 32526 - 141 Security Dr. Winchester, VA
22602Navy Federal is now hybrid! Our standard enterprise
requirement for a hybrid schedule is to report on-site 4-16 days
each month. The number of days reporting on-site will ultimately be
determined by the employee's leadership and business unit needs.
You will learn more throughout the hiring and on boarding
process.Salary Range: $101,000 - $185,200 annuallyNavy Federal
Credit Union assesses market data to establish salary ranges that
enable us to remain competitive. You are paid within the salary
range, based on your experience, location and market
position.Posting End Date: 2/23/23Job postings are subject to close
early or extend out longer than the anticipated closing date at the
hiring team's discretion based on qualified applicant volume.Equal
Employment OpportunityNavy Federal values, celebrates, and enacts
diversity in the workplace. Navy Federal takes affirmative action
to employ and advance in employment qualified individuals with
disabilities, disabled veterans, Armed Forces service medal
veterans, recently separated veterans, and other protected
veterans. EOE/AA/M/F/Veteran/DisabilityDisclaimerNavy Federal
reserves the right to fill this role at a higher/lower grade level
based on business need. An assessment may be required to compete
for this position.Bank Secrecy ActRemains cognizant of and adheres
to Navy Federal policies and procedures, and regulations pertaining
to the Bank Secrecy Act.Employee ReferralsThis position is eligible
for the TalentQuest employee referral program. If an employee
referred you for this job, please apply using the system-generated
link that was sent to you.
Keywords: Navy Federal Credit Union, Pensacola , Lead Information Security Third Party Risk Analyst, Professions , Pensacola, Florida
Click
here to apply!
|