Director, IT Vulnerability Management

PenFed Credit Union
McLean, VA
Overview

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world-class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members "do better." Joining PenFed is more than being an employee; it's about being a part of the PenFed family.

PenFed is hiring a (Hybrid) Director, IT Vulnerability Management at our Tysons, Virginia location. The Director of Information Technology Vulnerability Management is responsible for leading PenFed's enterprise-wide vulnerability management program to safeguard member data, ensure regulatory compliance, and maintain the integrity of critical systems. This role oversees the identification, assessment, and remediation of security vulnerabilities across infrastructure, applications, and cloud environments. The director collaborates with Security, Infrastructure, Application Development and Risk teams to ensure vulnerabilities are addressed in alignment with PenFed policies, member service expectations, and federal regulations.

Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.

+ Lead, mentor, and develop a high-performing vulnerability governance team responsible for oversight, coordination, remediation, and reporting across business units.
+ Develop and lead the enterprise vulnerability governance strategy aligned with PenFed cybersecurity, operational risk, and regulatory objectives.
+ Partner with the CISO to implement a risk-based prioritization framework using VPR scoring, asset criticality, and threat intelligence to guide remediation efforts.
+ Partner with technology, operations, and application teams to ensure vulnerabilities are accurately tracked, prioritized, and remediated in alignment with business risk tolerance.
+ Develop and enforce vulnerability management policies and procedures aligned with NCUA, FFIEC, PCI-DSS, NIST and other applicable regulations.
+ Deliver comprehensive vulnerability governance reports to executive leadership, the CISO, Risk Committees, and Audit Committees.
+ Prepare and present audit-ready evidence and documentation for internal and external regulatory reviews.
+ Drive automation and integration of vulnerability management tools with ticketing, asset inventory, and SIEM platforms.
+ Mentor and develop a high-performing team, fostering technical excellence and leadership growth.
+ Promote a culture of proactive security, emphasizing member trust, operational resilience, and shared responsibility for vulnerability risk management across all lines of defense.

*This role is responsible for maintaining business continuity*

Qualifications

Equivalent combination of education and experience is considered.

+ Bachelor's degree in Computer Science, Information Systems, or related field (master's preferred).
+ Minimum 12 years of experience in IT application management, with at least 5 years in vulnerability management leadership.
+ Experience in financial services or credit union environments is strongly preferred.
+ Deep understanding of vulnerability management tools (e.g., Tenable, Qualys, Rapid7), CVSS scoring, and remediation workflows.
+ Familiarity with regulatory frameworks including NCUA, FFIEC, GLBA, and PCI-DSS.
+ Experience with cloud security (AWS, Azure, GCP), container security, and DevSecOps practices.
+ Proven ability to lead cross-functional teams and influence stakeholders.
+ Excellent communication, reporting, and presentation skills.

Supervisory Responsibility

+ Direct supervision of 4-8 IT professionals
+ Matrix management of cross-functional remediation teams
+ Oversight of third-party vendors and service providers

Licenses and Certifications

There are no licenses or certifications required for this role.

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*

Travel

Ability to travel to various worksites and be on-call may is required.

About Us

Established in 1935, PenFed today is one of the country's strongest and most stable financial institutions with over 2.9 million members and over $31 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam and Puerto Rico. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day. We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.

Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same. PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 402-639-8568.
Posted 2025-11-14
