This job posting is no longer active

Manager, Information Security Programs

Location: VA Vienna - Headquarters Full/Part Time: Full-Time Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

  • FORTUNE 100 Best Companies to Work For®
  • Computerworld® Best Places to Work in IT
  • FORTUNE® Best Workplaces for Millennials
  • Forbes® America’s Best Employers


Basic Purpose

To plan, direct and manage the analysis of Information Security risk management programs to effectively protect information systems assets and enable safe implementation of Navy Federal processes, products and services. Provide subject matter expertise and guidance to senior management and functional areas for the protection of information systems assets. Supervise the development of Information Security awareness campaigns and training.


• Plan, identify, develop and manage the analysis of enterprise information security risk exposure associated with current and new business processes
• Lead cross-disciplinary teams to identify and assess information security risks for Navy Federal information systems and networks
• Lead the assessment of enterprise risk focusing on security control and protection of member and employee Personal Identifiable Information (PII)
• Partner with key stakeholders to plan and develop remediation plans to address outstanding control gaps and areas of noncompliance
• Ensure compliance with all regulatory agency regulations and applicable federal, state, and local laws to minimize risk
• Report to senior Security management regarding Navy Federal's Information Security posture and the status of remediation efforts to address control gaps and resolve areas of noncompliance
• Manage the Information Security Risk Register containing records of the outstanding control gaps, and areas of noncompliance with Information Security Instructions and Standards
• Assist in leading the planning, scheduling, budgeting, and resourcing of the Security Controls Improvement Program, Data Security Risk Mitigation Program and other projects focused on remediation of outstanding control gaps and areas of noncompliance
• Oversee Service Provider reviews performed on third parties with whom Navy Federal is considering doing business, and existing third parties with an established working relationship
• Evaluate controls of the service providers to ensure consistency with Navy Federal standards and do not introduce a level of risk not compatible with Navy Federal’s risk appetite
• Manage the development and execution of service provider reviews to include clearly defined timelines and expectations with third party vendors to ensure adequate documentation is obtained for research and analysis
• Collaborate and build relationships with Procurement and business units with established relationships with the
service provider; document and report on issues identified; communicate with stakeholders to determine if
relationship should be pursued/continued
• Manage development and implementation of information system security policies, practices and standards
• Manage development of and implementation of information security education awareness training for members,
employees, and contractors.
• Collaborate with leadership of other Information Security teams to ensure coordination and alignment with
Information Security’s strategic direction.
• Perform supervisory/managerial responsibilities = JDR00000081
- Ensure adequate/skilled staffing; select employees
- Establish performance goals and priorities
- Prepare, conduct, and review performance appraisals
- Develop, mentor and counsel staff
- Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
- Ensure section/branch goals and objectives align with division/department strategy
- Ensure efficiency of operations
- Leadership Level
• Performs other related duties as assigned


• Bachelor’s degree in Computer Science, Information Security, related fields or equivalent experience
• Significant experience with information security processes, concepts, principles, and methodologies
• Significant experience in Security policy and procedure development
• Significant experience in vendor risk management and oversight
• Significant experience in performing Risk Assessments
• Significant experience in working with all levels of staff, management, stakeholders, vendors
• Extensive experience in developing and maintaining enterprise risk programs focusing on information security
• Extensive experience in auditing principles and frameworks such as COSO, Cobit 4.1 and NIST and SANS
• Advanced knowledge of NCUA,FFIEC, GLBA, ISO 27001/27002,SANS20, PCI DSS and other Information security
requirements and frameworks
• Advanced knowledge of at least one industry-leading risk management framework
• Effective skill in results-oriented leadership in a challenging environment Advanced skill building effective
relationships through rapport, trust, diplomacy and tact
• Ability to translate complex information security topics and threats into easily understood terms that can be
incorporated into business requirements
• Advanced verbal and written skills
• Advanced organizational, planning and time management skills
• Advanced skill in producing desired results to achieve goals and objectives
• Advanced research, analysis and problem solving skills
• Effective skill in results-oriented leadership in a challenging environment
• Desired – Knowledge of Navy Federal’s mission, objectives, functions and policies
• Desired – Experience in the financial services industry with a focus on information security and information
• Desired – Knowledge of information security risks and countermeasures
• Desired – Professional certification in the information security sector (CRISC, CISM, CISSP)
• Desired – Experience in audit / information security assessment

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.
An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.