Lead Analyst, Information Security Program


McLean, Virginia
Feb 14, 2018
Mar 03, 2018
Full Time


PenFed is hiring a Lead Analyst, Information Security Program in our McLean, Virginia headquarters. The primary purpose of this job is to perform complex analysis to assist in managing the risk and compliance of the controls environment used to protect PenFed data in internal and external systems used by the credit union. The Lead Program Analyst is a senior contributor who has recognized expertise in their field, mentors junior staff, acts as a project lead, and serves as a subject matter expert for IT Security tools and processes.


Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.

Under general direction from the Director, Information Security Risk and Compliance, this position creates, implements, and manages governance, risk and compliance (GRC) components of the information security program:

  • Conduct information security risk assessments to evaluate information systems, programs and procedures
  • Evaluate, document, and manage third party information security risks 
  • Understand security standards and frameworks, including the Cybersecurity Framework, Critical Security Controls, FFIEC, ISO 27001/27002, PCI DSS, SSAE 18/SOC 1/2/3, and others
  • Identify and develop technical security controls appropriate for a financial institution
  • Develop enterprise policies and standards
  • Monitor and manage compliance of implemented enterprise information security controls
  • Support and facilitate audits of enterprise information systems
  • Assist training and awareness activities
  • Provide reporting, metrics, and testing as needed

Essential Skills

  • Demonstrated knowledge of information systems and security technologies
  • Technical experience in multiple security domains: identity and access, systems, networking, cloud, security tools, monitoring, incident response, forensics, applications and interfaces
  • Extensive experience in two or more areas: risk assessment, GRC, IT audit, IT controls design and testing, and/or third party risk review
  • Experience with conducting enterprise level information security risk assessments (e.g. GLBA, HIPAA, NIST, or ISO)
  • Experience with GRC tools such as RSA Archer
  • Experience with vulnerability management and reporting using tools such as Tenable Security Center
  • Experience in computer and information security assessment, administration, and management
  • Experience with designing and implementing security controls in a regulated environment
  • Ability to contribute and manage large, complex projects for assessments, audits, and remediation
  • Experience in specifying partner (service and software) security requirements and reviewing security controls and programs for financial applications
  • Understanding of one or more security controls frameworks: Cybersecurity Framework (CSF), Critical Security Controls, FFIEC, ISO 27001/27002, PCI DSS, SSAE 18/SOC 1/2/3
  • Skill in presenting findings to technical and business audiences
  • Experience with cloud security controls
  • Excellent customer service skills
  • Strong research, analytical, and problem solving skills
  • Excellent oral and written communication skills, including technical writing
  • Ability to function independently and as a team member
  • Ability to mentor and train junior team members

Desired Skills

  • Experience with large enterprise IT environments
  • Experience with Salesforce and/or AWS


Special Requirements

  • Ability to physically operate and occasionally move computer equipment.


Education and Experience

Equivalent combination of education and experience is considered.

Master’s Degree preferred and/or Bachelor’s Degree (in Computer Science or related field) or equivalent. Minimum of ten plus (10+) years of relevant Information Security management experience.

Supervisory Responsibility

This position will not supervise employees.


Licenses and Certifications

Professional security certifications such as CCSP, CISSP, CISA, CRISC, CISM, CTPRP, or technical certifications such as those from SANS


Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*



Limited travel to various worksites and on-call availability are required.



About Us

Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 1.6 million members and over $23 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam, Puerto Rico, Okinawa, and Portugal. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.

Our mission isn’t simply to help our members get by. We exist to help them realize every ounce of their potential. We exist to educate, and to encourage. We exist to usher their dreams into the land of reality.

We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.


Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 703-838-1568.