Overview

Information Security Analyst III/Security Process Assurance & Regulatory Compliance Jobs in Vienna, Virginia, USA at Navy Federal Credit Union

Title: Information Security Analyst III/Security Process Assurance & Regulatory Compliance

Company: Navy Federal Credit Union

Location: Vienna, Virginia, USA

Type: Full Time

Category: IT/Tech, Security

Position:  Information Security Analyst III (Security Process Assurance & Regulatory Compliance)


Navy Federal Credit Union is an armed forces bank serving the Navy, Army, Marine Corps, Air Force, Space Force, Coast Guard, veterans, DoD & their families. Join now!

The Information Security Analyst will be an expert in information security risk, risk management, security control interpretation, control assessments, standards, and enterprise Governance, Risk and Compliance (GRC) tool operations (i.e. ServiceNow, LogicManager). The analyst will understand how NFCU standards apply to the Framework controls, and be able to interpret and articulate both while working across the enterprise to ensure alignment.

The analyst will be a specialist in contemporary information and cybersecurity threats and be able to advise on mitigation to business units. The analyst will have expertise to advise projects, programs, and strategic initiatives for secure design and development of organizational systems.

This position is eligible for the Talent Quest employee referral program.

Responsibilities

Analyzes and evaluates existing information security programs and procedures to protect corporate information systems assets from intentional or inadvertent modification, disclosure, or destruction.

Offer expertise, written and oral, with excellent customer service, in interpretation of security controls, risk and overall results to business units and leadership as needed.

Analyze, articulate and write control assessment results, from manual and automated methods, in addition to the operational and residual risk of the asset/system. Communicate results often with the customer in order to facilitate remediation as quickly as possible.

Understand and execute the NIST Cyber Security Framework (CSF), risk management, and applied security controls from NIST, PCI DSS, NCUA, CFPB and other FFIEC control standards as assigned.

Conduct comprehensive security control assessments of systems and assets according to NIST frameworks (examine, interview, test).

Write guidelines for stakeholders pertaining to the enterprise framework, control assessments, remediation plans, and other topics as directed; work with the communications team in refining products to make them appropriate for intranet consumption.

Document issues as findings within the relevant tool; track remediation plans with business units; track, report on, and understand existing security exceptions for assigned systems or assets.

Run recurring compliance (findings) reports as needed from the GRC tool that are accurate, timely, and in a format presentable for executives and business unit stakeholders.

Write and update standards as directed, identifying and communicating gaps and changes as needed. Understand their mapping to specific security controls within the GRC tool. Interpret and explain the standards to customers, and educate them as needed.

Performs risk assessments of business processes, systems and applications.

Analyzes and evaluates the design and operating effectiveness of information technology and security controls that are in place.

Evaluates current business practices against regulatory and industry benchmarks.

Performs assessments of new and existing vendors’ IT environments in protecting Navy Federal information assets from data compromise and/or identity theft.

Communicates with interna…
