Information Security Principal

Location: VA Vienna - Headquarters
Full/Part Time: Full-Time
Regular/Temporary: Regular

Job Description

Basic Purpose

To embed security seamlessly into Navy Federal’s products, the Security Principal will serve as a technical subject matter expert working with ISD and Digital teams. The candidate will collaborate with engineers, internal teams, and vendors to determine security requirements and support all phases of product integration, operations, and maintenance to ensure a secure Navy Federal environment. Execute highly visible tasks or lead small projects that have executive management level visibility. Work independently.


• Determine security strategy and requirements by evaluating Navy Federal’s enterprise and business strategy.
• Understand current and emerging security threats, identify security capabilities and assist with countermeasures to mitigate threats.
• Conduct security and vulnerability analysis and risk assessments for new initiatives and technologies, review architecture, design and implementation of new platforms and identify security gaps and issues.
• Serve as an information security subject matter expert providing advisory and consulting services, assessing the business impact of cyber risks to Navy Federal to identify options and recommendations for mitigation.
• Provide security related coaching and expertise to drive and elevate security expertise within enterprise architecture.
• Lead security innovation by reviewing industry security standards and emerging security practices through collaboration and learning from industry professionals and consortiums.
• Perform other duties as assigned.

Qualifications and Education Requirements:

• Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
• 8 years or more experience in the field of cybersecurity and/or enterprise architecture
• Expert knowledge in security best practices, principles and common security frameworks such as NIST and ISO
• Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
• Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
• Experience securing cloud infrastructure and applications
• Advanced organizational, planning and time management skills
• Advanced communication, presentation and analytical skills
• Desired: Advanced degree in Information Technology, or the equivalent combination of education, training or experience
• Desired: CISSP, CISM or other related Information Security certifications