Security Controls Analyst

Posted Jan 10

Basic Purpose:

To analyze, validate, and monitor an enterprise-wide technical architecture and controls focusing on information security. To conduct analysis of critical information security systems, network architectures and infrastructures to detect information security deficiencies and provide complex problem resolution.

Responsibilities:

  • Advises on designs and implementation of operational security policies and security solutions based on security standards and best practices. Analyzes, evaluates and determines security risks for submitted requests. Participates in reviewing and analyzing internal projects that may have an impact on information security. Participates in reviewing and analyzing external connectivity issues that may impact security of Navy Federal and customers' information. Coordinates with and supports information security efforts and provides guidance on risks and vulnerabilities related to common application protocols and Web services security.
  • Supports a security philosophy of risk mitigation through proactive security awareness training, cost-effective countermeasures, host-level security and security planning/integration. Assists in ensuring currency of authentication, encryption, and intrusion detection methods. Identifies and correlates security data and information technology and security risks.
  • Serves as a consultant for all business unit/IT security issues and problems. Evaluates problems, identifies the root causes, coordinates resources, advises on temporary measures and/or permanent solutions and recommends and/or implements measures to restore full services. Escalates and works with Senior or Lead levels to resolve more complex situations.
  • Participates in new technology evaluations and implementations of information security systems. Researches and evaluates impact of the implementation of new security measures, systems and technologies into the corporate infrastructure, ensuring security best practices are met.
  • Maintains technical certifications in enterprise-wide information security competencies, network operating systems, network configuration, and tools development languages.
  • Participates in the design and development of training for technical staff on information security technologies, methodologies, and best practices related to information security controls. Participates in the development and maintenance of formal documentation and procedures for information security controls testing.
  • Performs other related duties as assigned.

Qualifications and Education Requirements:

  • Experience that demonstrates knowledge and skill of information security technology
  • Experience in testing and reporting of security controls
  • Experience that demonstrates knowledge of information security analysis and design techniques
  • Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack pathologies
  • Experience in project planning and resource management
  • Effective planning and organizational skills
  • Effective research, analytical and problem-solving skills
  • Effective verbal, written and interpersonal communication skills, including skill in negotiating and persuading others
  • Ability to present findings and conclusions clearly and concisely
  • Knowledge of NCUA and FFIEC regulations, GLBA, PCI, and other information security requirements and frameworks

Desired Qualifications and Education Requirements:

  • Bachelor's degree in business, information systems or related field
  • CISSP, CISA, CCSP or other Information Security certifications
  • Knowledge of Navy Federal operations
  • Strong knowledge of the financial services industry