Manager, Information Security Services

Location: VA Vienna - Headquarters Full/Part Time: Full-Time Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

  • FORTUNE 100 Best Companies to Work For®
  • Computerworld® Best Places to Work in IT
  • FORTUNE® Best Workplaces for Millennials
  • Forbes® America’s Best Employers


Basic Purpose

The Manager, Information Security Services is an experienced security professional who has a deep understanding of contemporary security processes and practices across the domain of Information Security with a focus on service delivery to enterprise customers. This role leverages managerial experience to oversee the activities of a high-performing team of InfoSec Security Leads who engage with the as “security champions.” The ideal candidate promotes an employee-driven model that advances the culture of security per financial services industry expectations and values the development of people and teams. Preferred candidates will have experience in maturing and redesigning processes for lean and agile organizations in a digital landscape.


Partnership and Communication
• Maintains a deep understanding and awareness of security practices, processes, and interdependencies across the enterprise, including third party relationships.
• Understand business unit needs from a services perspective, and work to enhance member-facing delivery and the impact of changes while managing protection of data and systems by engagement with key initiatives.
• Promote agility, flexibility, and quality in work to ensure nimble delivery of business value.
• Ensure business unit awareness of and compliance with information security instructions and standards via programs, practices, and activities of the InfoSec Services Leads.
• Suggest changes or modifications to security policies/standards/procedures when needed or necessary to address the changing threat landscape and business needs.
• Identify emergent themes or issues to help mature the Information Security Program in meeting regulatory requirements while operating in a “members first” manner.
• Advise on information security issue/incident management activities to help avoid material damages to the organization and business units (audit, NCUA, self-identified, etc.)
• Cultivate diverse perspectives and establish an inclusive team environment to promote new solutions, ideas, and make room for all voices.
• Articulate the implications of risks and issues to business owners, assist with management of security exceptions, and help clarify the relationship between business and IT risks.
• Serve as point of escalation for business units, initiatives, and ISD teams for compliance with internal Information security policies and standards as well as externally-driven information security regulations and internal processes.
• Participate in Information Security-related councils and working groups and tiger teams when needed.
• Execute administrative duties and performance reviews of InfoSec Services Leads on a fair and timely basis per NFCU HR requirements.
• Perform supervisory/managerial responsibilities:
   o Ensure adequate/skilled staffing; select employees
   o Establish performance goals and priorities
   o Prepare, conduct and review performance appraisals
   o Develop, mentor and counsel staff
   o Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
   o Ensure section/branch goals and objectives align with division/department strategy
   o Ensure efficiency of operations
   o Leadership Level – Supervise daily activities

Education and Awareness
• Promote organizational cybersecurity and information security awareness activities and implement security awareness concepts locally, customizing communications to be suitable for the relevant stakeholders.
• Ensure InfoSec Services team has firm understanding of security standards and have the ability to articulate controls to business units and strategic initiatives. Supports the BISO mission and test of controls to mitigate risk across the organization.
• Ensure security-based training materials are specific to business units and that they are accurate and up to date.
• Maintain awareness of changes across the Information Services Division and works with related teams to maintain alignment of system criticality and risk for technical SLAs and business continuity needs.

Qualifications and Education Requirements:

Minimum Knowledge & Skills Required:
• Bachelor's degree required (or equivalent background of work experience and military service)
• Ten years minimum experience in cybersecurity, information security, and/or information technology or related field
• Possess a working knowledge of the activities within the lines of business; experience in the financial industry preferred with knowledge of industry standards (FFIEC, GLBA, NCUA, PCI DSS)
• High level of communication and interpersonal skills to interact with leaders at multiple levels and facilitate and manage team interactions
• Ability to present and give talks, facilitate workshops and discussions, and create compelling and engaging presentations to an array of audiences
• Experience as a process owner, responsibility for introducing and optimizing processes, practices, and changes at an enterprise level and coordinating across business units effectively
• Strong understanding of risk management and regulatory requirements pertaining to information security, privacy and/or data protection
• In-depth understanding of industry standards and practices (ISO, NIST, COBIT, COSO, ITIL)
• Experience leading and managing a team, directly managing individuals and developing their career trajectory
• Ability to manage multiple, complex priorities and competing agendas without express authority over teams
• Ability to interpret and fairly apply policies and regulations across a large, complex business
• Analytical aptitude with an emphasis on using an inquiry-based approach, methodical critical questioning and logical thinking; good judgment; and ability to identify and report on key metrics

Desired Qualifications and Education Requirements:
• Experience managing diverse teams and handling administrative and human resources actions
• Mastery of industry knowledge: CISSP, CISM, and other security certifications preferred
• Mastery of industry standards as shown by certifications: (ISACA, NIST, COBIT, COSO, ITIL)
• Experience (and preferably certification) in agile methods and ways of working; Six Sigma or process analysis and/or change management background

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.
An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.


Employee Referrals

This position is eligible for the TalentQuest employee referral program. Please indicate the employee who referred you when applying.