PenFed Credit Union - West McLean, VA

posted about 2 months ago

Full-time - Mid Level
West McLean, VA
10,001+ employees
Credit Intermediation and Related Activities

About the position

As a Cybersecurity Risk Analyst at PenFed, you will play a crucial role in ensuring the security and integrity of our information systems. This position is designed for a senior contributor who will be responsible for designing, communicating, and testing cybersecurity controls within a large financial institution. You will work collaboratively with various teams to align technical and regulatory requirements across all layers of the technology stack, including vendor, cloud, project, system, and application levels. Your expertise will be essential in conducting information security risk assessments, establishing system boundaries, and identifying potential attack paths. You will also validate required controls and identify gaps in vulnerability assessments and testing, ensuring that our cybersecurity posture is robust and compliant with industry standards.

In this role, you will manage and maintain a risk register, prioritizing risks based on their likelihood and impact. You will collaborate with teams to design, implement, monitor, and remediate necessary security measures, while also developing data sources and analytic processes to identify gaps in our security framework. Regular reporting of the cybersecurity posture to senior management will be a key responsibility, along with the development of enterprise policies and standards. You will also assist in training and awareness activities to promote a culture of security within the organization.

This position requires a strong technical background in information security, with a minimum of eight years of experience in the field. You will need to demonstrate technical knowledge of key information system platforms and possess experience in various security domains, including risk assessment, IT audit, and third-party risk review. Excellent communication skills, both oral and written, are essential, as you will be required to present complex data in an understandable format to stakeholders. The ability to work independently and as part of a team is crucial, as is a commitment to providing exceptional customer service.

Responsibilities

  • Conduct information security risk assessments to evaluate information systems, vendors, programs, and procedures.
  • Establish system boundaries and threat models.
  • Identify attack paths and validate required controls.
  • Identify gaps in vulnerability assessments and testing.
  • Document evaluation results and recommendations.
  • Manage and maintain a risk register, prioritizing risks based on likelihood and impact.
  • Identify control sets to align cybersecurity controls with regulatory and contractual requirements such as CSF, PCI, and FFIEC.
  • Collaborate with teams to design, implement, monitor, and remediate required security measures.
  • Implement tests and reporting to establish control effectiveness.
  • Develop data sources and analytic processes to identify gaps.
  • Implement and administer security solutions.
  • Provide regular reports of cybersecurity posture to senior management.
  • Develop enterprise policies and standards.
  • Assist with training and awareness activities.

Requirements

  • Bachelor's degree in computer science, information security, or a related field.
  • Minimum of eight (8) years of experience in Information Security or a combination of education and experience which meets the requisite skill level.
  • Demonstrated technical knowledge of one or more key information system platforms with the associated configurations used to secure them: Windows, Linux, AWS, Salesforce.
  • Technical experience in several security domains: identity and access, systems, networking, cloud, security tools, monitoring, incident response, forensics, applications and interfaces.
  • Experience in one or more areas: risk assessment, DLP, GRC, IT audit, IT controls design and testing, and/or third-party risk review.
  • Ability to scope data classification and control requirements based on regulatory requirements.
  • Ability to manipulate data using SQL and/or Excel functions.
  • Ability to present summary data in graphs and charts.
  • Experience with cloud security controls.
  • Excellent customer service skills.
  • Strong research, analytical, and problem-solving skills.
  • Excellent oral and written communication skills, including technical writing.
  • Ability to function independently and as a team member.

Nice-to-haves

  • Experience with vulnerability management systems (Nessus, Qualys, Rapid7, etc.)
  • Experience working in a GRC application (e.g. RSA Archer, ServiceNow, etc.)
  • Experience with large enterprise IT environments.

Benefits

  • Robust medical, dental, and vision plan options.
  • Plenty of paid time off.
  • 401k with employer match.
  • On-site fitness facilities at larger locations.