PenFed Credit Union - McLean, VA

posted about 2 months ago

Full-time - Mid Level
McLean, VA
10,001+ employees
Credit Intermediation and Related Activities

About the position

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world-class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members "do better." Joining PenFed is more than being an employee; it's about being a part of the PenFed family.

PenFed is hiring a (Hybrid) Cybersecurity Risk Analyst at our Tysons, Virginia location. This role is responsible for designing, communicating, and testing the cybersecurity controls for a large financial institution. Information Security is a team sport, with the risk analyst providing key support in aligning technical and regulatory requirements across all layers of the technology stack: vendor, cloud, project, system and application. The Cybersecurity Risk Analyst is a senior contributor who approaches problems logically, looks for opportunities and patterns to improve solution effectiveness, is an effective communicator, and takes ownership of tasks.

Responsibilities

  • Conduct information security risk assessments to evaluate information systems, vendors, programs and procedures.
  • Establish system boundaries and threat models.
  • Identify attack paths.
  • Validate required controls.
  • Identify gaps in vulnerability assessments and testing.
  • Document evaluation results and recommendations.
  • Manage and maintain a risk register, prioritizing risks based on likelihood and impact.
  • Identify control sets to align cybersecurity controls with regulatory and contractual requirements such as CSF, PCI, and FFIEC.
  • Collaborate with teams to design, implement, monitor and remediate required security measures.
  • Implement tests and reporting to establish control effectiveness.
  • Develop data sources and analytic processes to identify gaps.
  • Implement and administer security solutions.
  • Provide regular reports of cybersecurity posture to senior management.
  • Develop enterprise policies and standards.
  • Assist with training and awareness activities.

Requirements

  • Bachelor's degree in computer science, information security, or a related field.
  • Minimum of eight (8) years of experience in Information Security or a combination of education and experience which meets the requisite skill level.
  • Demonstrated technical knowledge of one or more key information system platforms with the associated configurations used to secure them: Windows, Linux, AWS, Salesforce.
  • Technical experience in several security domains: identity and access, systems, networking, cloud, security tools, monitoring, incident response, forensics, applications and interfaces.
  • Experience in one or more areas: risk assessment, DLP, GRC, IT audit, IT controls design and testing, and/or third-party risk review.
  • Ability to scope data classification and control requirements based on regulatory requirements.
  • Ability to manipulate data using SQL and/or Excel functions.
  • Ability to present summary data in graphs and charts.
  • Experience with cloud security controls.
  • Excellent customer service skills.
  • Strong research, analytical, and problem-solving skills.
  • Excellent oral and written communication skills, including technical writing.
  • Ability to function independently and as a team member.

Nice-to-haves

  • Experience with vulnerability management systems (Nessus, Qualys, Rapid7, etc.)
  • Experience working in a GRC application (e.g. RSA Archer, ServiceNow, etc.)
  • Experience with large enterprise IT environments.

Benefits

  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance