Director, Information Security - Reston, VA

Bowman Consulting Group, Ltd.
Reston, VA

About The Position

Bowman has an opportunity for a Director, Information Technology to join our team in Reston, VA. At Bowman, we believe in creating opportunities for aspiring people to thrive and achieve ambitious goals. That’s why a career at Bowman is more than a job. It is an opportunity to be part of a diverse and engaged community of professionals, to be treated as a respected and valued member of a motivated team and to be empowered to do exceptional work that advances the best interest of everyone involved. We recognize the importance of creating a work environment that is both rewarding to our employees and supportive of our unwavering commitment to provide unparalleled service to our clients.

Purpose

The Director of Information Security leads the enterprise security function to protect information assets and manage risk across the organization. This position is responsible for strategic oversight and leadership across all major security domains, including endpoint security, vulnerability management, infrastructure security, cloud security, logging and detection, data protection, application security, GRC, and incident response. The Director will align security initiatives with business objectives, develop a robust security architecture, ensure regulatory compliance, and foster a culture of cybersecurity awareness. The role includes managing hands-on security professionals and scaling the team to meet evolving organizational needs.

Requirements

  • Minimum of fifteen (15) years of progressive IT experience, including at least six (6) years in information security roles.
  • Bachelor’s degree in computer science, cybersecurity, or related field required; advanced degree preferred.
  • One or more advanced security certifications required (e.g., CISSP, CISM, CISA, CCSP).
  • Proven experience building and leading security teams.
  • Strong knowledge of enterprise security architecture, security operations, GRC frameworks, and risk management.
  • Experience with Microsoft O365, Azure AD, virtual networks, firewalls, and modern security toolsets.
  • Familiarity with frameworks such as NIST CSF, ISO 27001, CIS Controls, CMMC.

Responsibilities

  • Report to the CIO/CISO and contribute to executive-level decision making on security matters.
  • Provide strategic leadership over the information security function, including technical operations, GRC, and incident response.
  • Supervise a growing team of security professionals, with responsibility for hiring, performance management, training, and development.
  • Build and execute a multi-year information security roadmap aligned with business goals and evolving threat landscapes.
  • Collaborate with IT, Legal, HR, Marketing, Compliance, Product, and business units to implement practical, risk-based security controls and policies across the enterprise.
  • Serve as a subject matter expert on cybersecurity, advising stakeholders across the enterprise.
  • Communicate risk posture, security metrics and program maturity to executive leadership and governance bodies.
  • Lead the design, implementation, and continuous improvement of secure enterprise architectures, ensuring protection of data, applications, and infrastructure.
  • Oversee technical security operations, including endpoint security (EDR/XDR & MDM), vulnerability management, logging and detection (SIEM, SOAR, threat intelligence, UEBA, CSPM/ASM), data protection (DLP, classification, encryption, backup and governance), application and DevSecOps (SAST/DAST, SBOM, secrets, API and container security), and cloud/infrastructure security (CWPP, IaC scanning, and hybrid/cloud hardening).
  • Develop and implement comprehensive GRC programs addressing risk management, compliance standards (e.g., NIST 800-171, CMMC, ISO, CIS), customer requirements, audit readiness, policy management, and vendor risk.
  • Direct incident response, conduct root cause analysis, and implement corrective actions.
  • Oversee business continuity and resilience initiatives such as DR automation, tabletop exercises, and cross-team crisis readiness.
  • Establish and maintain security metrics, KPIs, and reporting processes.
  • Develop and maintain the information security budget, ensuring strategic allocation of resources.
  • Stay informed of emerging threats, technologies, and regulatory changes to continuously improve security posture.
  • Support internal and external security audits and regulatory inquiries.
  • Oversee development and delivery of training and awareness programs to promote a security-conscious workforce.

Benefits

  • Medical, dental, vision, life, and disability insurance
  • 401(k) retirement savings plan with company match
  • Paid time off, sick leave, and paid holidays
  • Tuition reimbursement and professional development support
  • Discretionary bonuses and other performance-based incentives
  • Employee Assistance Program (EAP), wellness initiatives, and employee discounts

What This Job Offers

  • Job Type: Full-time
  • Career Level: Director
  • Number of Employees: 1,001-5,000 employees

© 2024 Teal Labs, Inc