Lead Analyst, Information Security Controls Program in Vienna, VA

$80K - $100K (Ladders Estimates)

Navy Federal Credit Union

Vienna, VA 22183

Industry: Finance & Insurance


Not Specified years

Posted 53 days ago

Why You Will Love Being Part of the Navy Federal Team:

*Competitive compensation with opportunities for annual raises, promotions, and bonus potential

*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)

*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses

*Consistently Awarded Top Workplace

*Nationally recognized training department by TRAINING Magazine

*An employee-focused, diverse, and service-oriented workplace environment

Basic Purpose

To serve as a lead technical expert for the Information Security Controls Program to ensure established controls are adhered to, and maintained across the enterprise. Provide oversight and leadership for Security Controls Program and related projects. Identify key stakeholders and support teams to build, manage and improve effective data security controls. Collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the Security Controls. Serve as subject matter expert for Information Security Controls. Work performed under limited supervision.


• Oversee the Security Controls Improvement Program and actions taken to remediate outstanding control gaps and areas of noncompliance

• Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions

• Develop and maintain a thorough understanding of Information Security industry standards/trends, best practices, processes and technology; communicate information to team members

• Oversee the development of queries and reports

• Conduct analysis and evaluation of data security standards

• Manage the Information Security Risk Register containing records of outstanding control gaps, and areas of noncompliance with Information Security Instructions and Standards, both internal to Navy Federal and external to service providers

• Analyze and monitor NFCU's Information Security posture and the status of remediation efforts

• Develop key performance metrics to ascertain if established Information Security Controls are adequate

• Partner with key stakeholders to plan and develop remediation plans

• Conduct planning, scheduling, budgeting, and resourcing for Information Security Controls projects

• Lead cross-functional teams to identify and assess information security risks for NFCU information systems and networks; make recommendations to management

• Lead the assessment of enterprise risk focusing on security control and protection of member and employee Personally Identifiable Information (PII); make recommendations to management

• Conduct service provider reviews

• Oversee vendor relationships to ensure product, service, and quality meet and/or exceed expectations and contract requirements

• Conduct Security Exception reviews to ensure compliance with Information Security Standards; identify and resolve issues

• Perform quality control audits of Analysts' work to ensure compliance with applicable federal and state laws, rules, regulations, and NFCU policies and procedures

• Maintain thorough knowledge of and ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures (i.e., Federal Financial Institutions Examination Manual (FFIEC), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO))

• Oversee and provide training to Analysts regarding procedures, protocols, standards and controls

• Assign and prioritize workload for Information Security Programs team

• Build and maintain effective relationships with team members, management, key stakeholders and/or external contacts, vendors, etc.

• Lead, guide and mentor less experienced Analyst team members

• Perform other duties as assigned


• Bachelor's degree in Computer Science, Information Security, or the equivalent combination of training, education, and experience

• Advanced knowledge of applicable federal and state laws, rules and regulations (i.e., Federal Financial Institutions Examination Manual (FFIEC), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO))

• Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other information security requirements and frameworks

• Expert knowledge of project management processes and methodologies

• Extensive experience in information security processes, concepts, principles, and methodologies

• Experience in Security policy and procedure development

• Significant experience in auditing principles and frameworks (e.g., COSO, COBIT 5, NIST, and SANS)

• Extensive experience in performing audit and information security risk assessments

• Extensive experience in working with all levels of staff, management, stakeholders, and vendors

• Extensive experience in creating, generating and maintaining data, reports, queries, etc.

• Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals

• Expert research, analytical, and problem solving skills

• Expert skill presenting findings, conclusions, alternatives and information clearly and concisely

• Expert skill in producing desired results and achieving goals and objectives

• Expert organizational, planning, and time management skills

• Expert skill building effective relationships through rapport, trust, diplomacy, and tact

• Significant experience in leading, guiding and mentoring others

• Expert verbal and written communication skills

• Expert word processing and spreadsheet software skills

• Expert database and presentation software skills

• Advanced skill in results-oriented leadership in a challenging environment

• Exposure to the banking/financial services industry with a focus on Information Security and Information Technology

• Familiarity with information security risks and countermeasures

Desired – Master's degree in Computer Science, Information Security, or related field

Desired – Working knowledge of NFCU's mission, objectives, functions, and policies

Desired – Experience in the financial services industry with a focus on information security and information technology

Desired – Working knowledge of information security risks and countermeasures

Desired – Professional certification in the information security sector (CRISC, CISM, CISSP)

Valid Through: 2019-10-17