Vice President, Security Governance & Risk
PenFed Credit Union
Overview

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world-class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members “do better.” Joining PenFed is more than being an employee; it’s about being a part of the PenFed family.

PenFed is hiring an (Onsite) Vice President, Security Governance and Risk at our Tysons, Virginia location. The primary purpose of this job is to manage CISO Program Governance and Cyber Security Risk Management.

Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.

Supports the development, implementation and monitoring of a comprehensive enterprise information security, compliance and risk management program.
Provide leadership for the development of modern cybersecurity governance, policies and standards which are relevant and achievable in our modern, digital and cloud-focused organization.
Support bringing together key stakeholders to develop and review enterprise security strategies and roadmaps.
Coordinate CISO program execution, timelines, deliverables and information requests across CISO functions and with other IT teams and business functions.
Responsible for assuring process effectiveness, measurement and optimization, including key metrics, KRIs and KPIs.
Monitor information security trends and evolving technologies; liaise with external partners, agencies and peers to ensure that the organization maintains a strong, proactive security posture; keep senior management informed about information security issues and implications for the company.
Oversee security awareness strategy and programs, including annual employee training and ongoing awareness campaigns.
Creates and executes a cyber security outreach and engagement program to improve understanding and alignment in the business regarding cyber security issues.
Understand potential and emerging information security threats, vulnerabilities, and control techniques.
Understands the trade-offs required to manage the different levels of risk appetite and risk exposure across the organization.
Supports corporate risk leadership to review enterprise IT and cyber risks, assess capabilities, prioritize security and risk strategies, and communicate risk intelligence in a way that drives business decision-making.
Engages and coordinates cross-functional business participation in risk profiling, investigation, escalation and resolution.
Provides leadership to individual contributors building risk capabilities and builds program oversight.

*This role is responsible for ensuring business continuity.*

Qualifications

Equivalent combination of education and experience is considered.

Master’s Degree and/or Bachelor’s Degree in Computer Science or equivalent in related field preferred.
Minimum of fifteen (15) years of work experience, with five (5) years of related experience in a Director-level role.
Minimum of ten (10) years of relevant Information Security management experience.
Experience in the management of security control capabilities within a large, complex financial services organization.
Solid working knowledge and understanding of key security controls (access control, encryption, etc.).
Ability to communicate effectively and influence Business and IT leadership, staff, and other stakeholders, company-wide, to implement security recommendations.
Ability to establish and develop effective, trusting relationships with internal business units, together with a proven knowledge of the methods necessary to assess information security within a large organization.
Experience in formal risk assessment and risk management practice.
Strong working knowledge of information security, risk management, and IT government standards and frameworks (e.g. NIST 800-53, NIST Cyber Security Framework, ISO 27000, ISO 31000, etc.).
Excellent written and verbal communication skills with experience presenting to executives and leadership teams, with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Very strong business analysis skills, problem-solving techniques, and follow-up.
A driver and implementer who possesses the poise and ability to act calmly and competently in high-pressure, high-stress situations.
Experience working with global teams based in India and the United States.
Experience working with GxP and HIPAA regulations.
Strong business acumen and a detailed working knowledge of information security technologies, practices, policies, and their application within the Credit Union/Financial industry.
Experience in regulatory compliance and liaison.
Governance and board reporting.

Supervisory Responsibility

4 Est. Direct Staff / 15 Est. Full Staff

Licenses and Certifications

Relevant industry certifications (e.g., CISSP, CISM, CRISC, CISA) strongly preferred.

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*

Travel

Ability to travel to various worksites and be on-call is required.
About Us

Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 2.9 million members and over $31 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam and Puerto Rico. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.

We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.

Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed.
Contact human resources (HR) with any questions or requests for accommodation at 402-639-8568.