Overview This role is specifically designated to support the Security Governance & Risk - Issue and Event Management with a focus on data security events, data exfiltration events, cyber incidents as well as third party events. Experience in cyber threat analysis, third party incident response, data breach management, risk management and an understanding of ORM framework as it relates to issue management. Responsibilities include supporting the daily operations of data security event management and partnering with the Office of General Counsel and Compliance to process data security and privacy breach events. Promote operational efficiency and service excellence through appropriate risk management strategies, process improvements and training while reducing and mitigating operational, reputational, legal/regulatory, and financial losses. Provide analytical support and execution for various business strategies to ensure Navy Federal goals are met. Responsibilities
Manage identification of third-party events to engage applicable business partners, InfoSec, Third Party Risk Management, third party vendor and relationship owner
As applicable, articulate implications of risks and issues related to data management and protection to sponsors and risk owners
Assist in gap analysis and identification of applicable IT/Cyber related controls
Assist in the development and execution of Table Top Exercises related to Data security event management
Translate control deficiencies into action plans and provide recommendations to enhance governance practices in alignment with risk and compliance frameworks
Experience in GRC tool submission for data security event tracking and capturing remediation activities
Participate in Security-related special projects, councils, working groups, etc. as a Risk SME
Aid in the development of remediation plans
Facilitate root cause analysis
Assess the impact and likelihood of an issue and provide justification for the ratings
Leverage various communication channels to obtain required information
Support metrics and reporting focused on issues and event processes and results
Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions
Perform other duties as assigned
Qualifications
Bachelor’s Degree in Business Administration, Auditing, Law or related field or equivalent combination of training, education, and experience
Advanced knowledge and understanding of risk-based auditing techniques and methodologies
General knowledge of operational and regulatory risk controls, concepts, and practices
General knowledge of applicable federal and state regulations, company policies, and industry best practices
Proven ability to plan, organize and effectively execute risk mitigation and process improvement initiatives
Ability to maintain professionalism when delivering challenging and unfavorable messages
Advanced organizational, planning and time management skills in order to multi task competing priorities in a fast paced and dynamic environment
Expert skill maintaining accuracy with attention to detail and meeting deadlines
Expert communication and negotiation skills with ability to exercise good judgement and tact in dealing with senior management
Significant experience in collaborating across organizational boundaries and building partnerships across various functions
Expert demonstrating thought-leadership, initiative-taking, decision-making and creativity solving business problems
Desired Qualifications
Master’s or Advanced Degree in Business Administration, Auditing, Law or related field or equivalent combination of training, education, and experience
NCCO, CRCM, or other applicable compliance certification
Working knowledge of Navy Federal’s functions, philosophy, operations and organizational objectives
Advanced knowledge of state and Federal laws; industry regulations, principles, and practices; and company policies that govern the business unit’s products/services
Professional certifications including, but not limited to any of the following: FRM, PRM, ORM, CISA, CISM, CISSP, CGEIT, CRISC, CFE, CPA, CIA, CIPP, ISA, AWS etc.
Working knowledge of the MITRE attack framework
Hours: Monday - Friday, 8:00AM - 4:30PMLocation: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive Pensacola, FL 32526 | 141 Security Drive Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131 | RemoteAbout Us You have goals, dreams, hobbies, and things you're passionate about—what's important to you is important to us. We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family, and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen. Don't take our word for it: Military Times 2022 Best for Vets Employers WayUp Top 100 Internship Programs Forbes® 2022 The Best Employers for New Grads Fortune Best Workplaces for Women Fortune 100 Best Companies to Work For® Computerworld® Best Places to Work in IT Ripplematch Campus Forward Award - Excellence in Early Career Hiring Fortune Best Place to Work for Financial and Insurance ServicesEqual Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability EOE/AA/M/F/Veteran/DisabilityDisclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market positionBank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.REQNUMBER: 19914-OTHLOC-300000025809750
Full-time