Job Description

Responsible for overseeing and managing the Information Security Program Risk Assessment. The Information Security Program Risk Assessment encompasses analyzing the environment for potential threats and vulnerabilities that, if not mitigated, may pose a risk to the confidentiality of NFCU member data. The incumbent will be responsible for assisting in the development of the assessment strategy, the management, and overall execution of this second-line of defense risk management and governance activity. This role will collaborate with NFCU business unit Sr. leaders across the enterprise to identify, mitigate and manage information security risks. The incumbent will be expected to leverage their extensive industry and real-world experience to manage information security governance and risk management activities, developing pragmatic solutions to address gaps in line with established risk appetites. Ensure information security governance and risk management activities align with strategic business initiatives, achieve business and quality objectives, mitigate risk and enhance operating procedures. Develop dashboards, metrics and reporting data to provide consultative guidance during monthly and quarterly governance committees. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and training while reducing and mitigating financial losses.

Responsibilities

• Leading a team of Information Security Risk Analysts through the planning and execution of the Information Security Program Risk Assessment
• Managing the development and leading comprehensive Information Security Program Maturity Assessment and Risk Assessment initiatives in line with the enterprise goals and regulatory expectations
• Responsible for ensuring the effective identification, mitigation and management of information security risks arising from business activities. In addition, provide guidance and advice to senior management on the status of their control environment related to standards compliance, risk identification and control issues. Identify critical areas to monitor and escalate issues and findings to appropriate stakeholders and governance committees
• Leverage effective oral and written communication skills to ensure the effective articulation and implications of risks and issues related to data management and protection to sponsors and risk owners and, if necessary, oversee security exceptions or issue management
• Ensure the team translates control deficiencies into action plans and provide recommendations to enhance governance practices in alignment with risk and compliance frameworks
• Participate in Security-related special projects, councils, working groups, etc. as a Risk SME
• Other duties as assigned

Qualifications

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field required
• 10+ years hands on experience leading and performing information security program risk assessments, program level maturity assessments and cyber security technical assessments
• 10+ year's experience in Cyber Security Governance, IT Governance, and Compliance leadership roles
• 10+ years of demonstrated leadership and team management experience of teams of risk professionals
• Extensive hands on experience applying risk management frameworks in financial services organizations (e.g., NIST Cybersecurity Framework / 800.53)
• Extensive hands-on experience presenting, creating materials for, and participating in Information Security / IT financial institution regulatory examinations (NCUA, or Federal Reserve, or OCC)
• Extensive hands-on experience applying FFIEC IT Handbook guidance, focused on the Information Security and IT Management booklet
• Broad knowledge of information security technologies (e.g., firewalls, intrusion detection systems, encryption, identity and access management)
• Excellent problem-solving, analytical, and decision-making skills
• Excellent communication skills with the ability to present complex technical information to non-technical stakeholders
• Broad knowledge of Risk management
• Broad knowledge of Cybersecurity risk
• Ability to guide, influence and persuade others, primarily internally

Desired Qualifications

• Graduate education in Business, Cyber/Information Security Risk, Information Systems, Computer Science, Engineering, Quantitative discipline, or related field desired
• Professional Certifications include, but not limited to CISA, CISSP, CISM, CRISC, etc.

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602

About Us

Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

• Best Companies for Latinos to Work for 2024
• Computerworld® Best Places to Work in IT
• Forbes® 2025 America's Best Large Employers
• Forbes® 2024 America's Best Employers for New Grads
• Forbes® 2024 America's Best Employers for Tech Workers
• Fortune Best Workplaces for Millennials™ 2024
• Fortune Best Workplaces for Women ™ 2024
• Fortune 100 Best Companies to Work For® 2025
• Military Times 2024 Best for Vets Employers
• Newsweek Most Loved Workplaces
• 2024 PEOPLE® Companies That Care
• RippleMatch Recruiting Choice Award
• Yello and WayUp Top 100 Internship Programs

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to age, race, sex, color, religion, national origin, disability, veteran status, pregnancy, sexual orientation, genetic information, gender identity or any other basis protected by applicable law.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.