Information Security Program Analyst II

Location: Remote Full/Part Time: Full-Time Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

  • FORTUNE 100 Best Companies to Work For®
  • Computerworld® Best Places to Work in IT
  • FORTUNE® Best Workplaces for Millennials
  • Forbes® America’s Best Employers


Basic Purpose

To serve as a technical expert for the Information Security third party risk management team to ensure established controls are adhered to and maintained across the enterprise’s third party footprint. Provide oversight and leadership, and function as a lead analyst for the third party assessment program and related projects. Identify key stakeholders and support teams to build, manage and improve effective third party oversight. Collaborate with end users, management, stakeholders and external resources to ensure maximum effectiveness of the Information Security third party risk management function. Serve as subject matter expert for Information Security third party risk management performed under limited supervision.


•    Conducts efficient, high quality third party risk assessments for complex third-party relationships
•    Analyzes third party questionnaire responses, evidence, or external audit reports to confirm third party compliance with control expectations
•    Produces professionally written reports and executive summaries of third party assessment results
•    Facilitates meetings with management, employees, and third parties to educate on Information Security third party risk management processes, conduct assessments or follow up conversations, and communicate results
•    Maintains thorough knowledge of and ensure compliance with applicable federal and state laws, rules, regulations and NFCU policies and procedures (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
•    Builds and maintains effective relationships with team members, management, key stakeholders and/or external contacts, vendors, etc.
•    Reviews third party remediation actions taken to address outstanding control gaps and areas of noncompliance 
•    Keeps current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions
•    Develops and maintains a thorough understanding of Information Security industry standards/trends, best practices, processes and technology; communicate information to team members 
•    Maintains a continuous process improvement work environment, recommending and implementing new/improved systems in accordance with industry standards and best practices
•    Works independently with limited guidance from others 
•    Perform other duties as assigned

Required Qualifications:

•    Experience in the financial services industry with a focus on information security and information technology
•    At least 5 years of experience in information security processes, concepts, principles, and methodologies
•    Experience in performing audit and information security risk assessments on third parties
•    Knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
•    Knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks
•    Experience that demonstrates knowledge of information security analysis and design techniques 
•    Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack pathologies 
•    Effective planning and organizational skills 
•    Effective research, analytical and problem solving skills 
•    Effective verbal, written and interpersonal communication skills, including skill in negotiating and persuading others 
•    Ability to present findings and conclusions clearly and concisely 
•    Experience in working with all levels of staff, management, stakeholders, and vendors
•    Skill building effective relationships through rapport, trust, diplomacy, and tact
•    Strong word processing and spreadsheet software skills

Desired Qualifications:

•    Bachelor’s Degree in business, information systems or related field 
•    CISSP, CISA CCSP or other Information Security certifications 
•    Knowledge of Navy Federal operations

Hours: Monday - Friday, 8:00am - 4:30pm

820 Follin Lane, Vienna, VA 22180
5550 Heritage Oaks Drive, Pensacola, FL 32526
141 Security Drive, Winchester, VA 22602

Colorado resident salary range: $83,600 - $120,700

*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership* 

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.
An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.


Employee Referrals

This position is eligible for the TalentQuest employee referral program. Please indicate the employee who referred you when applying.