09 Aug
Manager of Information Security Programs
Virginia, Vienna, 22180 Vienna USA

Vacancy expired!

Job Description

YOUR LIFE'S MISSION: POSSIBLE

You have goals, dreams, hobbies and things you're passionate about.

What's Important to You Is Important to Us

We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them: friends, family and passions. And we're looking for team members who are passionate about our mission: making a difference in military members' and their families' lives. Together, we can make it happen.

Don't take our word for it.
• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2021 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• 2021 People Companies that Care
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Fortune Best Workplaces for Millennials
• Computerworld® Best Places to Work in IT

Basic Purpose: To plan, direct and manage the analysis and negotiation of Information Security third party risk management contract requirements to effectively protect information systems assets and enable the safe implementation of Navy Federal processes, products and services. Provide subject matter expertise and guidance to senior management and functional areas for the protection of information systems assets, relative to third party engagements and oversight.

Responsibilities:
• Plan, identify, develop and manage the analysis of enterprise information security risk exposure associated with current and new third party engagements
• Lead cross-disciplinary teams to identify and assess third party information security risks for Navy Federal data, information systems, and networks
• Conduct expert level, high quality review of information security contract terms for complex and high visibility third party relationships
• Negotiate information security contract redlines, and make decisions on efficacy of mitigating controls, alternative language, and risks posed by vendor
• Identify, analyze, and quantify the information security risk exposure associated with third party contracts and relationships
• Lead the assessment of enterprise risk focusing on third party security controls and protection of member, employee, and company data
• Partner with key stakeholders to plan and develop remediation plans to address outstanding third party contract gaps and deviations
• Ensure compliance with all regulatory agency regulations and applicable federal, state, and local laws to minimize risk
• Report to senior Security management regarding Navy Federal's Information Security posture and the status of third party remediation efforts to address third party control gaps and resolve areas of noncompliance
• Assist in leading the planning, scheduling, budgeting, and resourcing of the Information Security Third Party Risk Management Program and other projects focused on remediation of outstanding third party oversight and control gaps and areas of noncompliance
• Oversee the evaluation of third party information security controls to ensure they are consistent with Navy Federal standards and do not introduce a level of risk not compatible with Navy Federal's risk appetite
• Collaborate and build relationships with Procurement & Vendor Management and business units with established relationships with the third party, document and report on issues identified; communicate with stakeholders to determine if relationship should be pursued/continued
• Manage development and implementation of information system security policies, practices and standards relative to third party information security oversight and monitoring
• Manage development and implementation of information security education awareness training for employees and contractors, relative to third party information security oversight and monitoring
• Collaborate with leadership of other Information Security teams to ensure coordination and alignment with Information Security's strategic direction
• Serve as liaison with the Office of General Counsel, Compliance, Internal Audit, Information Services, Human Resources, and other business unit leadership and management teams
• Establish and monitor program performance metrics for assigned functional area(s), determine gaps in performance for improvements and recommend/implement changes to improve operations
• Present analytical findings, recommendations and proposed third party information security oversight changes to senior leadership
• Direct communication and information sharing with internal business units
• Review internal business unit initiatives to determine risk analysis opportunities and provide guidance for information security third party oversight
• Perform supervisory/managerial responsibilities:
  o Ensure adequate/skilled staffing; select employees
  o Establish performance goals and priorities
  o Prepare, conduct, and review performance appraisals
  o Develop, mentor, and counsel staff
  o Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
  o Ensure section/branch goals and objectives align with division/department strategy
  o Ensure efficiency of operations
  o Supervise daily activities
• Perform other duties as assigned

Qualifications:
• Significant experience in vendor risk management and oversight
• Significant experience reviewing and negotiating information security contract terms
• Significant experience with information security processes, concepts, principles, and methodologies
• Bachelor's degree in Information Systems, Computer Science, Engineering, or related field, or the equivalent combination of education, training, and experience
• Expert knowledge of applicable federal and state laws, rules, and regulations (i.e., Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
• Expert knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
• Advanced knowledge of Agile processes and methodologies
• Significant experience in risk mitigation, strategic planning, and management of personnel
• Significant experience working with information security concepts, principles, technologies, and methods, and translating best practices in information security to operations in a risk management framework
• Expert knowledge of information technology systems, processes, and application development
• Expert organizational, planning and time management skills
• Expert research, analytical, and problem-solving skills
• Expert skill developing and implementing programs in a leadership role
• Expert skill building effective relationships with all levels of staff, management, stakeholders, and vendors, through rapport, trust, diplomacy, and tact
• Experience working with internal audit and external examiners
• Significant experience collaborating across organizational boundaries and building partnerships across functions
• Significant experience leading teams responsible for vendor management and oversight
• Expert skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes
• Advanced skill exercising initiative and using good judgment to make sound decisions
• Advanced verbal, written, interpersonal, and presentation skills to communicate clearly and concisely technical and non-technical information to all levels of management
• Desired - Advanced degree in information security, cyber security, information technology, etc.
• Desired - Professional Information Security certification (CISSP, CISA, CISM, CRISC)

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: Remote | 820 Follin Lane, Vienna VA 22180 | 5550 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602

Salary: $109,900 - $206,800

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report onsite 4-16 days each month. The number of days reporting onsite will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

COVID-19 Vaccine Information: As a COVID-19 safety measure, our employees must either provide proof of COVID-19 vaccination or follow additional safety protocols, including testing.

Disclaimer: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employee Referrals: This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.
