Lead Analyst, Information Security Controls Program (JC)

Location: Remote | Full/Part Time: Full-Time | Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2022 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT

Basic Purpose

To serve as a lead technical expert for the Information Security Controls Program to ensure established controls are adhered to, and maintained across the enterprise. Provide oversight and leadership for Security Controls Program and related projects. Identify key stakeholders and support teams to build, manage and improve effective data security controls. Collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the Security Controls. Serve as subject matter expert for Information Security Controls. Work performed under limited supervision.


•    Oversee the Security Controls Improvement Program and actions taken to remediate outstanding control gaps and areas of noncompliance 
•    Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions
•    Develop and maintain a thorough understanding of Information Security industry standards/trends, best practices, processes and technology; communicate information to team members 
•    Oversee the development of queries and reports
•    Conduct analysis and evaluation of data security standards
•    Manage the Information Security Risk Register containing records of outstanding control gaps, and areas of noncompliance with Information Security Instructions and Standards, both internal to Navy Federal and external to service providers 
•    Analyze and monitor NFCU’s Information Security posture and the status of remediation efforts 
•    Develop key performance metrics to ascertain if established Information Security Controls are adequate 
•    Partner with key stakeholders to plan and develop remediation plans 
•    Conduct planning, scheduling, budgeting, and resourcing for Information Security Controls projects 
•    Lead cross-functional teams to identify and assess information security risks for NFCU information systems and networks; make recommendations to management 
•    Lead the assessment of enterprise risk focusing on security control and protection of member and employee Personally Identifiable Information (PII); make recommendations to management 
•    Conduct service provider reviews 
•    Oversee vendor relationships to ensure product, service, and quality meet and/or exceed expectations and contract requirements 
•    Conduct Security Exception reviews to ensure compliance with Information Security Standards; identify and resolve issues 
•    Perform quality control audits of Analysts’ work to ensure compliance with applicable federal and state laws, rules, regulations, and NFCU policies and procedures 
•    Maintain thorough knowledge of and ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
•    Oversee and provide training to Analysts regarding procedures, protocols, standards and controls 
•    Assign and prioritize workload for Information Security Programs team
•    Build and maintain effective relationships with team members, management, key stakeholders and/or external contacts, vendors, etc.
•    Lead, guide and mentor less experienced Analyst team members
•    Perform other duties as assigned


•    Bachelor’s degree in Computer Science, Information Security, or the equivalent combination of training, education, and experience
•    Advanced knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
•    Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
•    Expert knowledge of project management processes and methodologies
•    Extensive experience in information security processes, concepts, principles, and methodologies
•    Experience in Security policy and procedure development
•    Significant experience in auditing principles and frameworks (e.g., COSO, Cobit 4.1, NIST, and SANS)
•    Extensive experience in performing audit and information security risk assessments
•    Extensive experience in working with all levels of staff, management, stakeholders, and vendors
•    Extensive experience in creating, generating and maintaining data, reports, queries, etc.
•    Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
•    Expert research, analytical, and problem solving skills
•    Expert skill presenting findings, conclusions, alternatives and information clearly and concisely
•    Expert skill in producing desired results and achieving goals and objectives
•    Expert organizational, planning, and time management skills
•    Expert skill building effective relationships through rapport, trust, diplomacy, and tact
•    Significant experience in leading, guiding and mentoring others
•    Expert verbal and written communication skills
•    Expert word processing and spreadsheet software skills
•    Expert database and presentation software skills
•    Advanced skill in results-oriented leadership in a challenging environment
•    Exposure to the banking/financial services industry with a focus on Information Security and Information Technology
•    Familiarity with information security risks and countermeasures

Desired Qualifications:

•    Master’s degree in Computer Science, Information Security, or related field
•    Working knowledge of NFCU’s mission, objectives, functions, and policies
•    Experience in the financial services industry with a focus on information security and information technology
•    Working knowledge of information security risks and countermeasures
•    Professional certification in the information security sector (CRISC, CISM, CISSP)

Hours:  Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

Salary Range: $98,500 - $168,400 annually

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

Posting End Date: 04/16/2023

Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume.


Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Employee Referrals

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.