Director, Information Security - Risk & Compliance
Manage third-party risk, business continuity risk, and IT operational risk.
Establish and manage controls inventories and perform controls effectiveness reviews.
Lead organization’s Compliance with Vulnerability Management Program efforts.
Manage security compliance staff and provide leadership to support PenFed requirements.
Lead organization’s communications, reporting, observation tracking and remediation activities to address internal audit, outside audit (NCUA, GLBA, etc.) and related enhancements to improve overall IT Security compliance and operations.
Establish key performance indicators and proactively report to Sr. VP, IT Security on performance of IT Security compliance activities and metrics.
Maintain IT Security compliance programs in accordance with credit union industry regulations and requirements.
Lead organization’s IT security awareness training program activities and coordination with appropriate business and operational units.
Prepare reports and performance metrics for IT Security compliance to senior management, regulators, and Board of Directors.
Provide expert-level analysis of alternatives, design and implementation plans and recommendations supported by strong research skills and provided through strong communication skills.
Supervise and review updates to information security policies, architectures, standards, and/or other technical documents.
Stay abreast of latest industry developments in the information security area.
Represent the organization’s security compliance interests in all matters: with partners, suppliers, industry associations, and government entities to ensure the bi-directional flow of technical information and best practices in the area of information security.
Collaborate closely with other departments to ensure that information security compliance and risk requirements are met.
Master’s Degree and/or Bachelor’s Degree in Computer Science or equivalent in related field preferred.
10+ years of relevant Information Security management experience.
Experience in the management of security control capabilities within a large, complex financial services organization.
Solid working knowledge and understanding of key security controls (Access Control, Encryption, etc.).
Ability to communicate effectively and influence Business and IT leadership, staff, and other stakeholders, company-wide, to implement security recommendations.
Ability to establish and develop effective, trusting relationships with internal business units, together with a proven knowledge of the methods necessary to assess information security within a large organization.
Experience in formal risk assessment and risk management practice.
Strong familiarity with information security, risk management, and IT government standards and frameworks (e.g. NIST 800-53, NIST Cybersecurity Framework, ISO 27000, ISO 31000, etc.).
This position will directly supervise employees.
CISSP, CISA, CISM, CRISC, etc.
Founded in 1935, and still growing, we began as the War Department Federal Credit Union. Today, PenFed is one of the country’s strongest and most stable financial institutions with over 1.5 million members and over $21 billion in assets. We serve members in all 50 states and the District of Columbia, as well as on military bases in Guam, Puerto Rico and Okinawa.
Our mission isn’t simply to help our members get by. We exist to help them realize every ounce of their potential. We exist to educate, and to encourage. We exist to usher their dreams into the land of reality.
We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.
Equal Employment Opportunity
PenFed will maintain and observe personnel policies which will prohibit discrimination or harassment against a person because of race, color, creed, age, sex, gender, religion, national origin, ancestry, genetic information, military or veteran status or obligation, the presence of a physical and/or mental disability and all other statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.
PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 703-838-1568.