We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Senior Information Security Engineer, Marlborough or Chelmsford, MA, Hybrid

Digital Federal Credit Union
United States, Massachusetts, Berlin
853 Donald Lynch Boulevard (Show on map)
Jul 06, 2026
Description

Schedule



Mon - Fri: 8 AM - 5 PM (40 Hours)



What You'll Do



Job Summary:

This role provides independent Second Line of Defense (2LOD) oversight and risk assessment of the organization's information security program, controls, and technology environment. The position supports the identification, assessment, monitoring, and reporting of information security risks to ensure alignment with the organization's risk appetite, regulatory expectations, and industry standards. Through risk analysis, control evaluations, and effective challenge, this role helps strengthen the organization's cybersecurity posture and operational resilience.

Essential Functions:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.



  • Perform independent assessments of information security risks, controls, and processes across technology environments, applications, infrastructure, and third-party relationships.
  • Evaluate the design and effectiveness of security controls against established frameworks, regulatory requirements, and industry best practices.
  • Identify, analyze, and communicate cybersecurity risks, vulnerabilities, control weaknesses, and emerging threats to risk and business stakeholders.
  • Support governance and oversight of security domains including identity and access management, vulnerability management, cloud security, application security, data protection, and cybersecurity operations.
  • Conduct risk assessments for new technologies, projects, systems, and business initiatives to evaluate potential security and operational risks.
  • Provide effective challenge to first-line security practices, risk decisions, control implementations, and remediation strategies.
  • Monitor and assess information security metrics, key risk indicators (KRIs), control effectiveness measures, and trends to identify emerging risks and opportunities for improvement.
  • Support development and maintenance of information security risk management policies, standards, methodologies, and governance processes.
  • Participate in regulatory examinations, internal audits, risk reviews, and compliance assessments by preparing analysis, documentation, and responses to requests.
  • Partner with Technology, Information Security, Compliance, Enterprise Risk, Internal Audit, and business stakeholders to strengthen risk management practices and improve control maturity.
  • Prepare reporting and presentations that communicate technical risks, control gaps, and security trends to a variety of audiences.
  • Support oversight of third-party technology providers and critical vendor security risk management activities.
  • Stay current on cybersecurity threats, regulatory developments, emerging technologies, and industry practices to evaluate potential impacts to the organization.



Typical Scope:



  • Applies best practices and knowledge of internal/external business challenges to improve products, processes or services. Is accountable for small projects or programs with manageable risks and resource requirements. Resolves difficult and complex problems using judgment and analysis; contributes to problem solving in collaborative settings. Interprets policies and adapts them to new situations.
  • Demonstrates judgment in selecting methods to solve problems that have cross-functional impacts or require balancing competing priorities. Applies advanced knowledge of job area with experienced understanding of functional area.
  • Typically receives little instruction on daily work. Works independently within defined specialties; adapts methods and procedures for routine work with minimal oversight. Accountable for deliverables. May mentor others and coach or review their work.



What You'll Need



Education & Experience:



  • Required Education: Bachelors degree in field relevant to role (or 4 additional years of relevant experience in lieu of a degree)
  • Required Experience: 4 - 6 years of relevant experience



Qualifications & Skills:



  • Knowledge of information security frameworks and standards such as NIST CSF, NIST 800-53, ISO 27001, CIS Controls, or FFIEC guidance. Familiarity with regulatory expectations applicable to financial services environments.
  • Understanding of cybersecurity domains, but particularly artificial intelligence (AI), cloud security, network security, and data protection.
  • Ability to provide solutions which allow the safe usage of AI technologies in a financial services organization.
  • Experience with Model Context Protocol (MCP) governance
  • Experience with Microsoft Copilot, OpenAI ChatGPT, Anthropic Claude and other similar technologies.
  • Familiarity with AI security tools such as Palo Alto Prisma AI runtime security (AIRS), Crowdstrike Falcon AI Detection and Response (AIDR) or other similar tools.
  • Deep experience with securing and governing Microsoft Azure and Amazon Web Services (AWS).
  • Experience with cloud security tooling such as Orca, Prisma Access Cloud, Wiz or other similar tools.
  • Strong analytical and problem-solving skills with the ability to evaluate complex security and technology risks.
  • Ability to provide objective risk assessments and effective challenge while building collaborative stakeholder relationships.
  • Support the ability to "shift left" and incorporate security early on and throughout the development lifecycle.
  • Strong written and verbal communication skills with the ability to translate technical concepts into business-focused risk discussions.



    What We Do



    DCU is the largest credit union headquartered in New England - serving more than one million members in all 50 states. With over 1,700 team members, we strive to make DCU a great place to work with an excellent work-life balance, and a community that cares.

    DCU is an equal opportunity employer, and we value diversity, inclusion, and equity at our company. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

    If you're applying for a job and need a reasonable accommodation for any part of the employment process, please send an email to careers@dcu.org and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.

    DCU is not currently offering Visa transfer/ sponsorship for this position.



    Expected Pay Range



    $116,500 - 140,000


    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

    This employer is required to notify all applicants of their rights pursuant to federal employment laws.
    For further information, please review the Know Your Rights notice from the Department of Labor.
    Applied = 0

    (web-77cf7d65c7-rcc7h)