
Director, Information Security Risk & Compliance

Job in Tysons, Fairfax County, Virginia, USA
Listing for: PenFed Credit Union
Full Time position
Listed on 2026-03-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, IT Project Manager
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

PenFed is hiring a (Hybrid) Director, Information Security Risk & Compliance at our Tysons, Virginia location.

The primary purpose of this role is to lead the development, implementation, and continuous improvement of the enterprise Information Security risk and compliance program. This includes overseeing comprehensive risk reporting, driving the creation and maintenance of Information Security policies and standards, steering security education and awareness activities, and ensuring ongoing compliance with internal policies, regulatory requirements, and applicable laws. The Director provides strategic leadership to strengthen the organization’s security posture, promote policy adherence, and enable effective risk‑based decision‑making across the enterprise.

Equivalent combination of education and experience is considered.

  • Master’s Degree and/or bachelor’s degree in computer science or equivalent in related field preferred.
  • Minimum of twelve (12) years of relevant Information Security risk management experience.
  • Experience in the management of security control capabilities within a large, complex financial services organization.
  • Minimum of four (4) years of direct management experience.
  • Solid working knowledge and understanding of key security controls (Access Control, Encryption, etc.).
  • Ability to communicate effectively and influence Business and IT leadership, staff, and other stakeholders, company-wide, to implement security recommendations.
  • Ability to establish and develop effective, trusting relationships with internal business units, together with a proven knowledge of the methods necessary to assess information security within a large organization.
  • Experience with risk management tracking tools (e.g., Archer, ServiceNow GRC, or similar platforms) to document risks, monitor remediation progress, maintain control inventories, and deliver accurate, data‑driven risk reporting.
  • Experience in formal risk assessment and risk management practice.
  • Strong familiarity with information security, risk management, and IT government standards and frameworks (e.g. NIST 800-53, NIST Cyber Security Framework, ISO 27000, ISO 31000, etc.).
Supervisory Responsibility

This position will supervise employees.

Licenses and Certifications

CISSP, CISA, CISM, CRISC, etc.

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

* Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*

Travel

Ability to travel to various worksites and be on‑call is required.


Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all‑inclusive list of job duties, and the position will perform other duties as assigned.

  • Drive the execution of the cybersecurity risk management program, ensuring risks are identified, assessed, and addressed in alignment with organizational and regulatory requirements.
  • Perform detailed cyber risk assessments, clearly document findings, and partner with stakeholders to define and prioritize actionable remediation plans.
  • Lead the development and implementation of security risk management strategies and frameworks. Establish and maintain security risk frameworks, policies, and standards that guide consistent, enterprise‑wide risk management practices.
  • Oversee the enterprise’s third‑party, business continuity, and IT operational risk management activities, ensuring risks are identified, assessed, monitored, and effectively mitigated.
  • Establish, maintain, and continuously improve the enterprise control inventory, including leading control effectiveness assessments to drive measurable risk reduction.
  • Lead, mentor, and manage the security compliance team, fostering a high‑performance culture that supports organizational security, regulatory, and audit requirements.
  • Develop, track, and report risk‑related key performance indicators and metrics that measure the effectiveness of Information Security compliance and risk programs, providing proactive insights to the VP, IT Security Risk and Governance.
  • Ensure all…