Manager, Security Controls Assurance (Manager, Information Security Programs) (BW)

23 Apr 2024

Vacancy expired!

YOUR LIFE'S MISSION: POSSIBLE

You have goals, dreams, hobbies and things you're passionate about.

What's Important to You Is Important to Us

We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them: friends, family and passions. And we're looking for team members who are passionate about our mission: making a difference in military members' and their families' lives. Together, we can make it happen.

Don't take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2022 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT

Basic Purpose

Plan, direct, test and manage the design and effectiveness of security controls to protect information assets (e.g., systems) and enable safe implementation of Navy Federal processes, products and services. Provide subject matter expertise and guidance to team members, senior management and functional areas across the enterprise for the protection of information assets. Manage the planning and execution of the controls testing program to ensure established controls are appropriate, adhered to, and maintained across the enterprise. Provide oversight and leadership for Security Controls Program and related projects. Provide support to and collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the security controls. Serve as subject matter expert for security controls.

Responsibilities

• Oversee and direct efforts to implement and sustain an effective risk-based security controls testing program. Support security control attestation efforts and manage the execution of the program and related reviews to ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures
• Promote a strong minded risk culture and contribute to a culture of collaboration by actively working across business lines and sharing knowledge
• Develop and maintain the Security Controls Program framework and testing methodology
• Manage the identification, tracking and remediation of control deficiencies, develop solutions to strengthen controls, and oversee corrective actions to aid management decisions
• Communicate quality assurance procedures, existing protocols, and effective controls to improve products and services
• Collaborate with staff, senior management, and business unit partners to assess and support organization risk mitigation needs by developing strategies, tactics, and quality review solutions
• Regularly benchmark the security controls testing program to industry best practice security control frameworks; identify gaps and mature program to best in class commensurate with the size and complexity of the organization
• Ensure controls have clear test scripts and are mapped to the appropriate risks; maintain Security risk and control taxonomy, catalog and inventory
• Evaluate the adequacy of corrective action taken on past reviews and report on the status of commitments, progress and approved recommendations
• Stay abreast of regulatory compliance standards, new and developing security risk trends and best practices
• Manage and/or conduct systems analyses/assessments and recommend and implement solutions to enhance/upgrade systems
• Acquire, process, parse and occasionally combine diverse information to craft cohesive recommendations and corrective actions
• Perform other ad hoc duties as necessitated by level of security risk and priority to the Security Division and Department
• Perform supervisory/managerial responsibilities:
  • Set direction to ensure goals and objectives align with corporate and division strategy
  • Select management and other key personnel; oversee talent development/succession planning
  • Collaborate with leadership/executive colleagues to develop/execute corporate initiatives and/or department strategy
  • Oversee the preparation and execution of department/division AFP
  • Conduct regular performance discussions, complete/deliver evaluations, and manage merit pay in accordance with specified objectives and guidelines

Qualifications

• Master's or Bachelor's Degree in a related field or the equivalent combination of education, training, and/or experience
• Extensive hands-on experience managing multi-dimensional teams and projects which involve organization, holding strategy and status meetings, planning, motivating, and managing the work of participants
• Strong problem solving and decision making skills and the ability to work independently, exercise sound judgment and initiative, display a high degree of initiative, and manage multiple priorities and stakeholders effectively
• Highly effective interpersonal, communication and presentation skills, including the ability to persuade and influence management decisions, to interact effectively with all levels of staff, and to communicate complex information in an easily understandable manner
• Good understanding of operational and regulatory risks and controls, including knowledge of information security risk management techniques from prevention, detection and mitigation perspectives
• Thorough understanding of COSO operational risk and control assessment methodology and systems (e.g. RCSA and RCMs)
• Experience managing and testing controls; supporting/managing internal and external audits and exams of controls testing
• Significant knowledge of, and proficiency in, data analysis, reporting, and operations research, including the ability to develop conclusions and feasible alternatives to formulate courses of action
• Demonstrated leadership skills and the ability to guide others and prioritize multiple duties to achieve results in a multi-tasked, time sensitive office environment
• Microsoft Word, Excel, PowerPoint, Visio, and SharePoint knowledge
• Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
• Advanced skill interpreting and applying oral and written instructions
• Advanced analytical/quantitative, reconciliation and deductive reasoning skills

Desired

• Bachelor's Degree in business, information systems, engineering, economics, mathematics or related field
• CISSP, CISM, CISA, CRISC, CCSP, CFE or other Information Security certifications
• Knowledge of Navy Federal's functions, philosophy, products, and services
• Knowledge of COSO, COBIT, FFIEC, GLBA, NCUA, NIST, ISO 27001/27002, SANS/CIS 20, PCI DSS, CSA, CIS, ENISA and/or other Information security requirements and frameworks

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

Salary Range: $116,200 - $213,000 annually

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Posting End Date: 4/23/23

Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume.

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employee Referrals

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

  • ID: #49766122
  • State: Virginia Winchester 22601 Winchester USA
  • City: Winchester
  • Salary: $116,200 - $213,000
  • Job type: Permanent
  • Showed: 2023-04-23
  • Deadline: 2023-06-21
  • Category: Security