The Senior InfoSec Analyst (Information Security Analyst III) on the BISO team plays a key role in advancing the security and resiliency of Navy Federal systems by leveraging broad cybersecurity experience to enhance the delivery of security services to enterprise business unit customers. The Sr. Analyst delivers expert security consulting and advice to enterprise business units to help ensure safety and security of member data, critical business systems, and underlying infrastructure. The successful candidate will be an expert in information security, risk management, security controls, security policies & standards, assessment processes, and enterprise Governance, Risk and Compliance (GRC) tools. The analyst will help business unit customers navigate the organization to successfully engage information security services to achieve positive business outcomes. The Sr Analyst will understand how NFCU standards are applied, and how to facilitate the delivery of security services to application and infrastructure owners. By focusing on contemporary information and cybersecurity threats, the Security Subject Matter Expert in this position will be able to provide advice on the best course of action to successfully mitigate the same. The analyst will have expertise to advise executives, projects, programs, and strategic initiative owners for secure design and development of systems and processes while also mentoring and training more junior analysts on the team to do the same.

Responsibilities:

Secure the Business

• Identifies, evaluates, and analyzes security risks for business projects and related systems. Participates in reviewing and analyzing internal projects that may have an impact on information security postures for the enterprise.
• Participates in reviewing and analyzing communications and data flows that may impact security of the credit union and its members information. Coordinates with and supports information security efforts and provide guidance on risks and vulnerabilities related to common application protocols and Web services security.
• Understands and advises the business on data governance approach for security concerns including encryption, confidentiality, authentication, privacy, etc.
• Designs, implements, supports and maintains operational security policies and security solutions based on security standards and best practices.
• Supports a security philosophy of risk identification and mitigation through proactive security awareness training, cost effective countermeasures, infrastructure security, and systems security planning/integration. Assists in ensuring currency of controls for authentication, encryption, and intrusion detection. Identifies and correlates security data and information technology and security risks.
• Serves as a consultant for security issues across Information Services, with an emphasis on Cloud-based systems and platforms. Evaluates problems, identifies root causes, coordinates resources, determines temporary measures and/or permanent solutions, and recommends and/or implements measures to restore service operations. Escalates and works with Manager or leadership to resolve more complex situations and/or challenges.
• Participates in new technology evaluations and implementations of information security systems. Researches and evaluates impacts related to implementation of new security measures, systems, and technologies into the corporate infrastructure, ensuring security best practices are met. Maintains network security knowledge by investigating contemporary technologies and methodologies, attending educational workshops, reviewing technical publications, performing technical hands-on evaluations, and making recommendations to Information Security management. Maintains technical certifications in enterprise-wide information security competencies, network operating systems, network configuration, and tools development languages.
• Participates in the design and development of training for technical staff on information security technologies, methodologies, and best practices. Participates in the development of maintenance of formal documentation and procedures for information security architecture.
• Performs other related duties as assigned

Secure the Technology

• Analyzes and evaluates existing information security programs, procedures, and technologies that protect corporate information systems assets from intentional or inadvertent modification, disclosure, or destruction.
• Offers expertise, written and oral, with excellent customer service, in interpretation of security controls, risks, and security assessment results to business units and leadership.
• Facilitates completion of control assessments for business-critical systems and infrastructure. Communicate and explain results to the business to facilitate remediation.
• Formulates guidelines for business stakeholders pertaining to the application of security architectures, security frameworks, control frameworks, and best practices for security.
• Analyzes and evaluates the design and operating effectiveness of Information technology and security controls that are in place

Secure the Operating Environment

• Facilitates assessments of new and existing vendors’ IT environments in protecting Navy Federal information assets from data compromise and/or identity theft. Communicates with internal Navy Federal personnel to understand the services and/or products being provided by the vendor. Evaluates the security controls the vendors have in place
• Understands and executes the NIST Cyber Security Framework (CSF), risk management, and applied security controls from NIST, PCI DSS, NCUA, CFPB and other FFIEC control standards as assigned.
• Assists with the education of staff on the requirements of information security and the efforts to improve information security awareness.
• Evaluates current business practices against regulatory and industry benchmarks
• Performs other related duties as assigned.

Qualifications and Education Requirements

Minimum Qualifications Knowledge & Skills Required:

• Outstanding communications skills, both written and verbal
• Bachelor’s Degree in a related field or the equivalent combination of training, education, and military experience
• Extensive experience in computer and information security assessment, administration, and management (5+ years)
• Extensive experience in the evaluation and assessment of security risks and controls in place around business processes, systems and applications. (3+ years)
• Extensive experience in the evaluation and assessment of security risks and controls in place at third party suppliers that access, process or store confidential data. (3+ years)
• Comprehensive knowledge and understanding of best practices and trends related to information security
• Comprehensive knowledge of information security regulations and standards
• Formal project management experience which includes organization skills, managing strategy, project communications (internal and external to team), and planning and directing the work of participants
• Strong research, analytical, and problem-solving skills
• Highly developed presentation skills including preparing and presenting results, findings, recommendations and influencing management decision making based on the best available data
• Knowledge of NCUA and FFIEC regulations, GLBA, NIST and other information security requirements and frameworks
• Knowledge of Cloud infrastructure and security frameworks for IaaS, PaaS, and SaaS configurations

Preferred Qualifications, Knowledge & Skills:

• Experience in the financial services field highly preferred
• Demonstrated proficiency with security systems, assessment tools, and technical security
• Proficient industry knowledge as represented by achievement of CISSP, CISM, and other security certifications
• Proficient industry standards as shown by certifications: (ISACA, NIST, COBIT, COSO, ITIL)
• Experience and certification in agile methods and ways of working
• Azure, AWS, and/or other Cloud certifications (preferred: AZ 500 certification)

Hours: Monday - Friday, 8:00am - 5:00pm

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership.

Salary: Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain
competitive. You are paid within the salary range, based on your experience, location and market position.

The salary range for this position is: $92,900 to $160,400

#LI-Remote