Manager, Cloud Security

YOUR LIFE'S MISSION: POSSIBLE

You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2021 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• 2021 People Companies that Care
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Fortune Best Workplaces for Millennials
• Computerworld® Best Places to Work in IT

Basic Purpose

Come join the Threat Discovery & Assessment (TDA) team within Navy Federal’s Cloud Security Group. In this role, you will lead a dynamic agile team responsible for threat modeling, security testing, and continuous threat discovery of Navy Federal cloud workloads. 
The Manager, Cloud Security is an experienced information security professional who has a deep understanding of modern security processes and practices across the domain of cloud security. This person fulfills a “blue team” cloud security product owner role leading an agile team responsible for designing, implementing, and operationalizing capabilities for securing cloud infrastructure and workloads. They define strategy for the team and lead the implementation of continuous security monitoring practices along with threat and vulnerability prevention, runtime protection, and response capabilities on cloud assets. 

Responsibilities:
•    Develops and manages product roadmap for continuous cloud attack surface discovery, workload risk assessment, and continuous threat analysis 
•    Develop a container security strategy for securing cloud workloads from the build to the runtime environment
•    Subject matter expert in cloud security architecture best practices such as identify and access management, secrets management, data classification, data protection and encryption, network security, infrastructure hardening, and logging and alerting based on IaaS/PaaS/SaaS use cases 
•    Partners with continuous monitoring teams for translating cloud security policies and standards into machine-readable, automated guardrails using cloud-native, open source, custom scripting, and commercial security tools
•    Consulted on continuous monitoring practices to verify security properties at runtime with continuous feedback to teams responsible for triage, detect tracking, and remediation workflows
•    Leads preventative feedback loop discussions with development teams and continuous improvement processes for preventing runtime vulnerabilities 
•    Complements automation with establishing human-led processes for privileged access reviews, permission reviews to enforce least privilege, account de-provisioning, and credential management best practices 
•    Partners with incident response teams to develop and implement monitoring and contextual alerting capabilities targeting cloud infrastructure and runtime assets for the security operations center, including integration with SEIM/SOAR technologies
•    Defines automation strategy to report metrics and key performance indicators (KPIs) to reflect overall cloud security health to senior leadership
•    Partners with Scrum Master to define epics and features and manage a high performing agile team; signs off on work product delivered by cloud security engineers
•    Consult and coordinate with BISOs, project managers, business application developers and ISD technical staff on projects to implement cloud security capabilities; recommend modifications as appropriate; provide expert technical consultation for new technology implementations
•    Promotes agility, flexibility, and quality in work to ensure nimble delivery of business value 
•    Suggests changes or modifications to security policies/standards/procedures specific if needed or necessary for changing cloud threat landscape and business area needs
•    Advise on issues management activities for issues relating to information security on cloud assets to avoid material damages to the organization and business units (audit, NCUA, self-identified, etc.)
•    Cultivates diverse perspectives and establishes an inclusive team environment to promote new solutions, ideas, and make room for all voices 
•    As applicable, articulate implications of risks and issues to business owners, assist with security exceptions; ensure alignment to business and ISD identification of risks
•    Serve as point of escalation for business units, initiatives, and ISD on compliance with internal Information security policies and standards as well as externally driven information security regulations and internal processes
•    Participate in Information Security-related councils and working groups and tiger teams, as appropriate and needed
•    Perform supervisory/managerial responsibilities
    o    Ensure adequate/skilled staffing; select employees
    o    Establish performance goals and priorities
    o    Prepare, conduct, and review performance appraisals
    o    Develop, mentor and counsel staff
    o    Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
    o    Ensure section/branch goals and objectives align with division/department strategy
    o    Ensure efficiency of operations
•    Perform other duties as assigned

Qualifications and Education Requirements:
•    Bachelor’s degree in Computer Science, Information Security, or related field, or the equivalent education, training, and experience
•    Leadership experience implementing cloud-native application protection platform tools and/or similar cloud security technologies (e.g. Defender for Cloud, Aqua, Prisma Cloud, Orca, Wiz)
•    Experience with modern software delivery infrastructure, agile practices, and/or cloud technology 
•    Experience with one or more cloud platforms (Azure, Amazon, GCP)
•    Significant experience working in an Information Security, Assurance, Cybersecurity and/or Cloud Security operation, preferably in a financial institution
•    Advanced knowledge of applicable federal and state laws, rules, and regulations (e.g., Federal Financial Institutions Examination Manual, National Information of Standards and Technology, and International   Standards Organization, etc.)
•    Advanced knowledge of cloud security processes, concepts, principles, and methodologies
•    Advanced knowledge of NIST CSF, Cloud Security Alliance (CSA) Cloud Controls Matrix, SANS20, PCI DSS, and other Information Security   requirements and frameworks
•    Advanced skill in identifying cloud security risks and recommending appropriate countermeasures
•    Exposure to the banking/financial services industry with a focus on Information Security and Information Technology
•    Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
•    Advanced skill in results-oriented leadership in a challenging environment with complex governance
•    Expert research, analytical, and problem-solving skills
•    Advanced skill presenting findings, conclusions, alternatives, and information clearly and concisely
•    Advanced skill building effective relationships through rapport, trust, diplomacy, and tact
•    Significant experience in leading, guiding, and mentoring others
•    Expert verbal and written communication skills
•    Advanced technology automation, scripting, word processing, and spreadsheet software skills

Desired Qualifications and Education Requirements:
•    Master’s degree in Computer Science, Information Security, or related field
•    Leadership experience building custom automation using Azure Resource Graph and other scripting languages
•    Subject matter expertise with Azure DevOps, Kubernetes, Mulesoft, Splunk, and Tanzu/Pivotal Cloud Foundry technologies
•    Working knowledge of Navy Federal functions, philosophy, operations, and organizational objectives
•    Deep understanding of cloud security practices, processes, and interdependencies across NFCU and possibly with third parties
•    Microsoft Azure AZ-500 certification (or equivalent in another cloud platform)
•    CCSP, CISSP, or other professional Security Certification

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna VA 22180 | 5550 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | Remote

Salary: $109,900 - $187,900

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

*Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report onsite 4-16 days each month. The number of days reporting onsite will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

#LI-Remote

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability

COVID-19 Vaccine Information

As a COVID-19 safety measure, our employees must either provide proof of COVID-19 vaccination or follow additional safety protocols, including testing.

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.