Information Security Analyst II

Vienna, VA, United States

Navy Federal Credit Union

Navy Federal Credit Union is an armed forces bank serving the Navy, Army, Marine Corps, Air Force, Space Force, Coast Guard, veterans, DoD & their families. Join now!

The Information Security Analyst II will be an expert in Framework implementation, risk management, security control interpretation, control assessments, standards, and enterprise Governance, Risk and Compliance (GRC) tool operations (i.e. RSA Archer). The analyst will understand how NFCU standards apply to the Framework controls, and be able to interpret and articulate both while working with customers. Standards will be kept up to date annually and expanded as needed. Documentation will be kept in detail as to the lifecycle of the standards. The analyst will be using the GRC tool daily, and assisting customers (including Information Security Officers and Business Unit management) with understanding reports and customized dashboards.

  • Conduct/lead efforts to implement and sustain an effective risk-based security controls testing program. Support security control attestation efforts and the execution of program and regulatory reviews to ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures.
  • Execute and maintain the Security Control Program framework, Operational Risk policies and procedures and testing methodology.
  • Ensure testing engagements are appropriately scoped, follow approved sampling strategies, and have clear test scripts and well-organized documentation of the work performed.
  • Acquire, process, and synthesize data from multiple sources to identify potential business risks, operational and regulatory process deficiencies, and improvement opportunities. Craft cohesive recommendations and corrective action plans that are practical and actionable.
  • Prepare and present review findings and potential solutions to management and/or affected business units.
  • Maintain effective communication with other business units and support teams to remediate errors and assist with implementation of corrective actions. 
  • Assist in the training and development of staff. Serve as coach/mentor.
  • Promote a strong-minded risk culture and contribute to a culture of collaboration by actively working across business lines and sharing knowledge.
  • Stay abreast of industry and regulatory compliance standards, new and developing security risk trends and best practices.
  • Perform other duties as assigned.
  • Bachelor’s degree in business administration, auditing, or related field or equivalent combination of training, education, and experience.
  • Strong understanding of operational and regulatory risk control concepts, risk-based auditing techniques and methodologies.
  • Demonstrated ability to independently complete multiple engagements with minimal supervision.
  • Experience researching and evaluating compliance with applicable federal and state regulations and industry best practices.
  • Strong analytical/quantitative, reconciliation and deductive reasoning skills.
  • Consistently maintain a high level of accuracy and attention to detail in work product.
  • Demonstrate resilience to perform effectively in a variety of environments including working in a team environment or independently, working in new areas with minimal background and working with ambiguous instructions. 
  • Excellent organizational, planning, and time management skills.
  • Effective communication and negotiation skills with ability to exercise good judgement and tact in dealing with all levels of employees and management within and outside the organization. 
  • Effective at presenting information clearly and concisely, both orally and in writing.
  • Effective communication of complex technical or control concepts to non-technical audiences.
  • Effective skills with Microsoft Word, Excel, PowerPoint, Visio, and SharePoint.

Desired Qualifications

  • Master's Degree in related field or equivalent combination of training, education, and experience.
  • CISSP, CISM, CISA, CRISC, CCSP, CRCM, CCEP, NCCO, CFE or other security, compliance, or risk management certifications.
  • Knowledge of Navy Federal's functions, philosophy, products, and services.
  • Skills, knowledge, and experience relevant to information security itself, fraud terminology or information security trends, and applicability to regulatory requirements.
  • Knowledge of COSO, COBIT, FFIEC, GLBA, NCUA, NIST, ISO 27001/27002, SANS/CIS 20, PCI DSS, CSA, CIS, ENISA and/or other information security requirements and frameworks.

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602 | Remote

Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

  • Best Companies for Latinos to Work for 2024
  • Computerworld® Best Places to Work in IT
  • Forbes® 2024 America’s Best Large Employers
  • Forbes® 2023 The Best Employers for New Grads
  • Fortune Best Workplaces for Millennials™ 2023
  • Fortune Best Workplaces for Women™ 2023
  • Fortune 100 Best Companies to Work For® 2024
  • Military Times 2023 Best for Vets Employers
  • Newsweek Most Loved Workplaces 
  • Ripplematch Campus Forward Award - Excellence in Early Career Hiring
  • Yello and WayUp Top 100 Internship Programs

Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Hybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.
