Director of Cyber Risk & Assurance

About The Position

Requirements

• U.S. citizenship is required for this position due to Department of Defense restrictions.
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, Business, or related field; equivalent combination of education and relevant experience may be considered.
• 10 or more years of progressive experience in cybersecurity, technology risk, information security governance, security assurance or related risk functions.
• 5 or more years in a leadership role in cybersecurity risk, GRC, assurance, technology risk, or cyber governance.
• Demonstrated experience building or maturing a risk-based cybersecurity governance, risk, compliance, or assurance program.
• Strong knowledge of cybersecurity control frameworks and regulatory expectations such as NIST CSF, NIST SP 800-53, NIST SP 800-171, HIPAA, CMS security requirements, CMMC, SOC 1/SOC 2, ISO 27001, or comparable frameworks.
• Proven experience using workflow automation, GRC tools, reporting dashboards, or process automation to improve risk, compliance, assurance, evidence collection, and remediation workflows.
• Working knowledge of AI-related cybersecurity risk, safe-use governance, AI policy considerations, or AI-enabled workflow automation.
• Demonstrated ability to translate complex technical control gaps into clear business‑risk implications and prioritized remediation strategies, paired with strong executive‑level communication, presentation, and stakeholder‑leadership skills.

Nice To Haves

• Experience in healthcare, insurance, government contracting, Medicare Administrative Contractor (MAC), U.S. Department of Defense (DOD), Tricare, highly regulated, or federally controlled environments.
• Experience supporting Centers for Medicare & Medicaid Services (CMS), Section 912, CMMC, NIST 800-53/171, or other regulated audit and assurance environments.
• Master’s degree in Cybersecurity.
• Certifications such as CISSP, CISM, CRISC, CGRC, HCISPP, ISO 27001 Lead Implementer/Auditor, or similar.

Responsibilities

• Leading the Cyber Risk & Assurance function encompassing governance, risk management, compliance coordination, and executive-level cyber risk reporting.
• Driving a risk-based assurance model that strengthens control effectiveness, remediation accountability, and measurable cybersecurity maturity.
• Overseeing the development and maintenance of an enterprise-aligned cybersecurity risk framework that meets regulatory, contractual, and AI governance expectations.
• Overseeing cybersecurity audits, regulatory readiness, and control assurance activities across all required frameworks and assessments within an enterprise level environment.
• Governing cybersecurity policies, awareness programs, and cross-functional alignment of security requirements to business-owned outcomes.
• Establishing and enabling AI automation procedures, GRC enablement, and M&A/business-change risk practices that ensure consistent identification, assessment, and remediation of cyber risks.
• Leading staff development, stakeholder engagement, and executive-level risk communication to support enterprise cyber resilience and long-term cybersecurity strategy.

Benefits

• Remote and hybrid work options available
• Performance bonus and/or merit increase opportunities
• 401(k) with a 100% match for the first 3% of your salary and a 50% match for the next 2% of your salary (100% vested immediately)
• Competitive paid time off
• Health insurance, dental insurance, and telehealth services start DAY 1
• Professional and Leadership Development Programs