Vacancy expired!
Job Description YOUR LIFE'S MISSION: POSSIBLE You have goals, dreams, hobbies and things you're passionate about.
What's Important to You Is Important to UsWe're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them-friends, family and passions. And we're looking for team members who are passionate about our mission-making a difference in military members' and their families' lives. Together, we can make it happen.Don't take our word for it.- FORTUNE 100 Best Companies to Work For®
- Computerworld® Best Places to Work in IT
- FORTUNE® Best Workplaces for Millennials
- Forbes® America's Best Employers
Basic Purpose To plan, direct and manage the analysis and negotiation of Information Security contract terms to effectively protect information systems assets and enable safe implementation of Navy Federal processes, products and services with third party vendors. Provide subject matter expertise and guidance to senior management and functional areas related to third party information security and contract risk.Responsibilities• Conduct expert level, high quality review of information security contract terms for complex and high visibility third party relationships• Negotiate information security contract redlines, and make decisions on efficacy of mitigating controls, alternative language, and risks posed by vendor • Identify, analyze, and quantify the information security risk exposure associated with third party contracts and relationships• Partner with key stakeholders to plan and develop remediation plans to address outstanding contract gaps anddeviations• Ensure compliance with all information security regulatory agency regulations and applicable federal, state, and local laws to minimize risk• Report to senior Security management regarding Navy Federal's Information Security posture and risks related to third party contractual agreements• Review Service Provider assessments performed on third parties with whom Navy Federal is considering doingbusiness, and existing third parties with an established working relationship to inform information security contractual requirements• Collaborate and build relationships with Procurement and business units with established relationships with the service provider; document and report on contract issues identified; communicate with stakeholders to determine if relationship should be pursued/continued• Manage development and implementation of information system security policies, practices and standards• Collaborate with leadership of other Information Security teams to ensure coordination and alignment withInformation Security's strategic direction.• May perform supervisory/managerial responsibilities o Ensure adequate/skilled staffing; select employees o Establish performance goals and priorities o Prepare, conduct, and review performance appraisals o Develop, mentor and counsel staff o Provide input and/or prepare budget requirements for Annual Financial Plan (AFP) o Ensure section/branch goals and objectives align with division/department strategy o Ensure efficiency of operations• Performs other related duties as assignedQualifications• Significant experience in vendor risk management and oversight• Significant experience reviewing and negotiating information security contract terms• Bachelor's degree in Computer Science, Information Security, related fields or equivalent experience• Significant experience with information security processes, concepts, principles, and methodologies• Significant experience in Security policy and procedure development• Significant experience in vendor risk management and oversight• Significant experience in performing Risk Assessments• Significant experience in working with all levels of staff, management, stakeholders, vendors• Advanced knowledge of NCUA,FFIEC, GLBA, ISO 27001/27002,SANS20, PCI DSS and other Information securityrequirements and frameworks• Advanced knowledge of at least one industry-leading risk management framework• Effective skill in results-oriented leadership in a challenging environment • Advanced skill building effective relationships through rapport, trust, diplomacy and tact• Ability to translate complex information security topics and threats into easily understood terms that can beincorporated into business requirements• Advanced verbal and written skills• Advanced organizational, planning and time management skills• Advanced skill in producing desired results to achieve goals and objectives• Advanced research, analysis and problem solving skills• Effective skill in results-oriented leadership in a challenging environment• Desired - Master's degree in Computer Science, Information Security, or related field• Desired - Working knowledge of NFCU's mission, objectives, functions, and policies• Desired - Working knowledge of information security risks and countermeasures• Desired - Professional certification in the information security sector (CRISC, CISM, CISSP)Hours: Monday - Friday, 8:00am - 4:30pmLocation: 820 Follin Lane, Vienna, VA 22180Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadershipEqual Employment Opportunity Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/DisabilityDisclaimerNavy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.Bank Secrecy ActRemains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act. Vacancy expired!
