Director, Information Security Architecture & Vulnerability Management

McLean, Virginia
Dec 13, 2017
Mar 03, 2018
Full Time

PenFed is hiring a Director, Information Security Architecture & Vulnerability Management in our headquarters office located in McLean, VA. The primary purpose of this job is to build and lead a multi-disciplinary Enterprise Security Architecture & Vulnerability Management team with the mandate to develop, implement and operate an Information Security Architecture (ISA) framework that will help PenFed provide a comprehensive global view of PenFed’s security controls (people, process, technology) to better understand our capabilities and how they reduce risks for PenFed.


Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.

  • Define the critical strategic defense layers needed to protect PenFed and recommend direction / priorities to continuously improve our controls vs. evolving threats and risks.
  • Enforce adherence to standardization of security controls across the organization to ensure holistic risk management, consistent quality and reduced fragmentation / duplication of costs. 
  • Communicate how PenFed protects against threats and manages security risk to internal stakeholders. Define and maintain security architecture framework and processes to enable PenFed to develop, implement and measure security capabilities aligned with business, technology and threat drivers.
  • Develop strategies to address evolving threats to systems and data (advanced cyber-attacks, data exfiltration / leakage, information extortion, etc.) and define priorities for improvements to PenFed’s security posture.
  • Ensure the development of security architecture artifacts and deliverables (models, templates, standards and procedures) that can be leveraged by other PenFed project & operations teams.
  • Review and evaluate the design and operational effectiveness of security controls and countermeasures used to protect PenFed applications, services and solutions.
  • Review security technologies, tools and services and make recommendations for their use based on security, financial and operational criteria.
  • Liaise with other security practitioners to communicate PenFed security practices and processes; build and manage a high-performance multi-disciplinary security team to support the role.

Education and Experience

Equivalent combination of education and experience is considered.

  • Master’s Degree preferred and/or Bachelor’s Degree in Computer Science or related field.
  • Minimum of ten (10) years of relevant experience in Information Security management.
  • Experienced in the management of security control capabilities within a large, complex financial services organization.
  • Experience in security architecture practices, processes, frameworks (TOGAF, Zachman, SABSA) and strategic security planning
  • Excellent knowledge of security and risk management trends as well as emerging threats and vulnerabilities
  • Expert knowledge of security controls and countermeasures (defense in depth) including practical experience with identity management, cyber-security and IT processes / solutions
  • Excellent knowledge of application development methodologies (Agile, Waterfall, DevOps) and the processes and practices used to secure them
  • Experience with methodologies to conduct threat / risk modeling on new applications and services
  • Expert knowledge of security / risk control frameworks (NIST, COBIT, ISO 27001, ITIL)
  • Expert knowledge in Red Teaming, Blue Teaming, Purple Teaming and Vulnerability Scanning
  • Expert knowledge in Application Security
  • Expert knowledge in Cloud Security Architecture
  • Strong leadership and facilitation skills with a clear ability to build relationships with stakeholders at all levels, including executive management
  • Excellent oral, written and interpersonal communication skills with the ability to communicate ideas and security concepts to a variety of stakeholders (both technical and C-suite)
  • Highly self-motivated, self-directed and attentive to detail

Supervisory Responsibility

This position will directly supervise employees.


Licenses and Certifications



Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

* Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*



Ability to travel to various work sites and be on-call is required.


About Us

Established in 1935, PenFed today is one of the country's strongest and most stable financial institutions with over 1.6 million members and over $23 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam, Puerto Rico, Okinawa, and Portugal. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.

Our mission isn't simply to help our members get by. We exist to help them realize every ounce of their potential. We exist to educate, and to encourage. We exist to usher their dreams into the land of reality.

We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site facilities at our larger locations, and more.


Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 703-838-1568.
