Summer Associate Internship (Security/Cyber Standards & Assurance)

Overview

The Security Governance & Risk's (SG&R) Security / Cyber Standards & Assurance provides services to test and confirm compliance with the Security Standards by developing, advocating for, and reviewing compliance with, Security Control Requirements.

Teams include Standards, Standards Compliance & Authorization, Assurance Monitoring and Analytics, and Controls Testing / Regulatory Compliance.

Summer Associates working within this area will be aligned with a respective team and be provided opportunities to collaborate and be exposed to the other teams through daily operations and a meaningful project.

Standards Compliance & Authorizations Team

Processes requests for Exceptions to Security Standards, to address situations in which Business Units must be temporarily exempted from specific security controls defined in NFCU.

These requests are risk-assessed and coordinated to ensure that no new exposures are introduced to Navy Federal as a result of the Exceptions, and that the circumstances requiring them are remediated in an effective and timely manner by the requesting Business Unit.

Summer Associate - Standards Compliance & Authorizations will develop a working knowledge of Navy Federal's security standards and share how and why security standards apply to the business thereby supporting the need for controls.

The Associate will assess exception requests and determine the residual risk through assessment of inherent risk and effective controls.

The summer associate will support daily operations, including reviewing, assessing, and processing requests for Exceptions and Authorizations in alignment with Navy Federal Security Standards, enterprise risk appetite, and industry best practices.

The Associate will be expected to perform research, participate in meetings, and aid business units in ensuring the completeness, accuracy, and validity of their respective requests.

The Associate will assist in the evaluation of approved Exceptions and Authorizations as they come due for recertification.

Assurance Monitoring and Analytics Team

Responsible for compiling, computing, managing, and presenting data in a meaningful and consistent manner as it relates to Security Programs.

Our team performs full stack data analytics including API calls / SSIS packages to acquire data, aggregate and verify, and present to stakeholders as actionable data sets in readable formats.

Summer Associate - Assurance Monitoring and Analytics Team will work to develop and apply a working knowledge of advanced security and asset toolsets and automation principles to design new, and enhance current, architecture as it relates to Information Security.

Controls Testing / Regulatory Compliance

The Controls Testing / Regulatory Compliance Team validates that security controls are designed, implemented, and operating effectively and follow NFCU Security Standards, industry regulations, and selected industry frameworks, where applicable.

The Program's scope is focused on process-based testing, primarily utilizing the Risk Control Self-Assessment (RCSA) testing approach as defined by the Enterprise Risk to ensure defined controls are implemented and operating effectively.

RCSA Process-based Controls Testing aims to assess and provide assurance that identified security-related controls are designed and operating effectively to mitigate security risk.

The primary workstreams / services the summer associate may contribute to include :

• Security Controls and Regulatory Compliance Testing, and Validation Services
• Risk & Control Self-Assessment ("RCSA") Process-based Controls Testing
• Horizontal Validation Testing
• Remediation Testing
• Regulatory Compliance Testing
• Special Projects
• Reporting Services

Summer Associate - Controls Testing / Regulatory Compliance will analyze and evaluate new and existing security programs, procedures, and controls designed to protect corporate information systems and assets.

The Summer Associate Program is a 12-week internship program beginning in May 2025 and ending in August 2025. Students will work on impactful projects and meaningful work during their internship.

To qualify for this position, applicants must be currently pursuing a degree from an accredited college or university and have an anticipated graduation date of December 2025 or later.

Responsibilities

Standards Compliance & Authorizations Team

• Review, assess, and process Security Standard Exception requests based on residual risk, justification, and remediation plan.
• Review, assess, and process Security Authorization requests where business activities require approval in alignment with Security Standards.
• Participate in peer reviews of requests for completeness, accuracy, and validity using established review processes.
• Leverage various communications channels and participate in meetings with stakeholders to obtain required information.
• Keep current with Cybersecurity best practices and industry trends and apply these practices as appropriate.
• Perform other duties as assigned.

Assurance Monitoring and Analytics Team

• Assess the data aggregation to identify best practices, shifting trends, and areas of opportunity for the organization.
• Become integrated into and participate in the day-to-day strategy, analysis, and operations.
• Develop recommendations for strategic initiatives or program changes that the Security organization could / should pursue based on findings, support recommendations with data and empirical evidence, and develop a roadmap or action plan as applicable.
• Review and advise on policy verbiage and security control implementation.

Controls Testing / Regulatory Compliance

• Advise on the design of security-related controls.
• Assess and provide assurance that expected controls are designed and operating effectively to mitigate security risks.
• Provide control recommendations that support risk mitigation.
• Verify and validate completed test by others of security-related controls to ensure compliance with applicable NFCU control testing requirements.
• Provide direct testing or validation of remediation efforts.
• Verify Security BUs are performing / completing processes in compliance with applicable regulations and provide recommendations to the BU to enhance internal processes and procedures and ensure regulatory compliance.

Qualifications

• Currently pursuing a degree in Information Systems, Computer Information Systems, Computer Science, Applied Analytics, Data Science, or other related degree
• Strong verbal, written and interpersonal communication skills to technical writing.
• Effective planning and organizational skills
• Ability to work independently and think outside of the box.
• Strong strategic, critical, and analytical thinking skills
• Knowledge of, or experience with, security risks, processes, and controls
• Knowledge of applicable federal and state laws, rules, and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), etc.)
• Knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 Series), SANS / CIS 20, PCI DSS, and other Information Security requirements and frameworks
• Strong analytical, research, and problem-solving skills
• Experience in the credit union / financial services industry, with a focus on cybersecurity compliance and risk assessment.
• Knowledge of data security controls and procedures including authentication, access, network security, event logging / monitoring, and encryption
• Experience with research, analysis, and data manipulation.
• Comfort working with large datasets and telling stories with data.
• Experience using data and tools including Axonius, Tenable, Splunk
• Comfort / confidence in dealing with executives in technical discussions.

About Us

Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed;

and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

• Best Companies for Latinos to Work for 2024
• Computerworld Best Places to Work in IT
• Forbes 2024 America's Best Large Employers
• Forbes 2023 The Best Employers for New Grads
• Fortune Best Workplaces for Millennials 2023
• Fortune Best Workplaces for Women 2023
• Fortune 100 Best Companies to Work For 2024
• Military Times 2023 Best for Vets Employers
• Newsweek Most Loved Workplaces
• Ripplematch Campus Forward Award - Excellence in Early Career Hiring
• Yello and WayUp Top 100 Internship Programs

From Fortune . 2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity : Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.

EOE / AA / M / F / Veteran / Disability EOE / AA / M / F / Veteran / Disability

Hybrid Workplace : Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.

Disclaimers : Navy Federal reserves the right to fill this role at a higher / lower grade level based on business need. An assessment may be required to compete for this position.

Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume.

Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position

Bank Secrecy Act : Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.