Cybersecurity Risk Analyst

PenFed Credit Union
McLean, Virginia, US
Full-time

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world class service to our members, employees, and our communities.

We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members do better.

Joining PenFed is more than being an employee; it’s about being a part of the PenFed family.

PenFed is hiring a (Hybrid) Cybersecurity Risk Analyst at our Tysons, Virginia location. This role is responsible for designing, communicating, and testing the cybersecurity controls for a large financial institution.

Information Security is a team sport, with the risk analyst providing key support in aligning technical and regulatory requirements across all layers of the technology stack: vendor, cloud, project, system and application.

The Cybersecurity Risk Analyst is a senior contributor who approaches problems logically, looks for opportunities and patterns to improve solution effectiveness, is an effective communicator, and takes ownership of tasks.

Have you got the right qualifications and skills for this job? Find out below, and hit apply to be considered.

Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.

  • Conduct information security risk assessments to evaluate information systems, vendors, programs and procedures.
  • Establish system boundaries and threat models.
  • Identify attack paths.
  • Validate required controls.
  • Identify gaps in vulnerability assessments and testing.
  • Document evaluation results and recommendations.
  • Manage and maintain a risk register, prioritizing risks based on likelihood and impact.
  • Identify control sets to align cybersecurity controls with regulatory and contractual requirements such as CSF, PCI, and FFIEC.
  • Collaborate with teams to design, implement, monitor and remediate required security measures.
  • Implement tests and reporting to establish control effectiveness.
  • Develop data sources and analytic processes to identify gaps.
  • Implement and administer security solutions.
  • Provide regular reports of cybersecurity posture to senior management.
  • Develop enterprise policies and standards.
  • Assist training and awareness activities.

Qualifications

An equivalent combination of education and experience is considered.

  • Bachelor’s degree in computer science, information security, or a related field.
  • Minimum of eight (8) years of experience in Information Security or a combination of education and experience which meets the requisite skill level.

Essential Skills

  • Demonstrated technical knowledge of one or more key information system platforms with the associated configurations used to secure them:
      • Windows
      • Linux
      • Salesforce
  • Technical experience in several security domains: identity and access, systems, networking, cloud, security tools, monitoring, incident response, forensics, applications and interfaces.
  • Experience in one or more areas: risk assessment, DLP, GRC, IT audit, IT controls design and testing, and/or third-party risk review.
  • Ability to scope data classification and control requirements based on regulatory requirements.
  • Ability to manipulate data using SQL and/or Excel functions.
  • Ability to present summary data in graphs and charts.
  • Experience with cloud security controls.
  • Excellent customer service skills.
  • Strong research, analytical, and problem-solving skills.
  • Excellent oral and written communication skills, including technical writing.
  • Ability to function independently and as a team member.

Desired Skills

  • Experience with vulnerability management systems (Nessus, Qualys, Rapid7, etc.)
  • Experience working in a GRC application (e.g. RSA Archer, ServiceNow, etc.)
  • Experience with large enterprise IT environments.

Special Requirements

Ability to physically operate and occasionally move computer equipment.

Supervisory Responsibility

This position will not supervise employees.

Licenses and Certifications

Technical certs for Windows, Linux, Microsoft 365, AWS, Salesforce and/or SANS preferred.

Professional security certs such as CISSP, CRISC, CISM, CIPP, or CTPRP are preferred.

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.

Travel

Limited travel to various worksites is required.

About Us

Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 2.8 million members and over $36 billion in assets.

We serve members in all 50 states and the District of Columbia, as well as in Guam, Puerto Rico and Okinawa. We are federally insured by NCUA and we are an Equal Housing Lender.

We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.

We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.

Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment.

PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed.

Contact human resources (HR) with any questions or requests for accommodation at 402-639-8568.
