Director of Cybersecurity, Governance, Risk and Compliance

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related field
• 7–12+ years of progressive experience in cybersecurity, IT risk, compliance, or security architecture
• Demonstrated experience leading CUI, DFARS, and NIST 800-171 compliance initiatives
• Strong working knowledge of NIST frameworks and federal cybersecurity regulations
• Experience leading risk assessments and remediation programs
• Strong documentation, audit-readiness, and control validation capabilities
• Exceptional risk analysis and problem-solving skills
• Ability to align cybersecurity controls with business processes
• Strong systems thinking and governance design capability
• Strong executive presence and communication skills
• Ability to present complex cybersecurity risks clearly to non-technical audiences
• Collaborative leadership style with the ability to build cross-functional relationships
• Growth-oriented mindset with interest in expanding advisory capabilities
• U.S. Citizenship required
• Ability to travel up to 30% to client sites as needed
• Proficiency in Microsoft Office and cybersecurity reporting tools

Nice To Haves

• Experience working within a government contractor or regulated environments strongly preferred
• Experience with secure federal cloud platforms such as GCC High or GovCloud preferred
• Professional certifications preferred: CISSP, CISM, CISA, ISO 27001 Lead Implementer, Security+, or equivalent

Responsibilities

• Serve as the firm’s senior leader for cybersecurity governance, risk, and compliance advisory services
• Design and oversee enterprise cybersecurity frameworks aligned with NIST CSF, NIST SP 800-171, NIST SP 800-53, ISO 27001, and related standards
• Lead end-to-end CUI and federal compliance programs, including development and maintenance of System Security Plans (SSP) and Plans of Action & Milestones (POA&M)
• Conduct NIST SP 800-171 gap assessments and develop prioritized remediation roadmaps
• Support clients with DFARS 252.204-7012 compliance, SPRS scoring, and CMMC readiness initiatives
• Prepare clients for audits, mock assessments, and government inquiries
• Oversee implementation and validation of technical cybersecurity controls, including: Multi-factor authentication Encryption (data at rest and in transit) Endpoint protection Logging, SIEM, and continuous monitoring Network segmentation Secure configuration and hardening standards
• Provide advisory oversight of secure cloud environments, including Microsoft GCC High, Azure Government, and AWS GovCloud
• Establish identity and access management frameworks and privileged access controls
• Evaluate backup, disaster recovery, and business continuity processes
• Direct incident response strategy and regulatory reporting obligations
• Advise prime contractors on subcontractor cybersecurity flow-down requirements
• Assess subcontractor readiness and compliance risk exposure
• Support documentation required for federal scrutiny
• Develop and deliver CUI-specific and role-based cybersecurity training
• Implement measurable security awareness initiatives, including phishing simulations
• Lead annual program reviews and continuous improvement initiatives
• Maintain compliance posture during infrastructure changes, acquisitions, or system transitions
• Prepare executive-level cybersecurity risk reports and board-ready briefings
• Translate complex technical risk into actionable business guidance
• Collaborate with firm leadership to expand cybersecurity service offerings

Benefits

• Competitive compensation and comprehensive benefits
• Free parking at our Locust Point/McHenry Row office
• Hybrid flexibility is available with approval