GPS - Information Security Governance Leader - Associate Director

About The Position

Requirements

• Bachelor's degree in information security, computer science, or relevant experience
• A minimum of 7-10+ years of experience in information security, with a focus on US government security requirements and compliance
• A minimum of 3+ years of experience with hands-on NIST or CMMC assessor experience; NIST RMF-based assessor experience with cloud-based (AzureGov, AWS) architectures preferred.
• Comprehensive understanding of US government security regulations, standards, and frameworks, including NIST Special Publications (e.g., NIST SP 800-53, NIST SP 800-171) and various other government publications (e.g., STIGs, Security Requirements Guides)
• Experience developing and implementing security policies, standards, and procedures in alignment with government security requirements
• Proficiency in conducting security risk assessments, vulnerability assessments, and penetration testing methodologies
• Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, security information and event management (SIEM), and secure coding practices
• Excellent communication skills, with the ability to effectively articulate complex security concepts to both technical and non-technical stakeholders
• Proven ability to lead, influence, and collaborate with cross functional teams
• Strong analytical and problem-solving skills, with the ability to prioritize tasks and manage multiple projects simultaneously
• Experience in incident response management and conducting security investigations is a plus
• Ability to obtain and maintain a Top Secret security clearance

Nice To Haves

• Master's degree preferred
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified CMMC Assessor (CCA) are highly desirable

Responsibilities

• Communicate the value of security governance, risk, and compliance throughout all levels of the organization stakeholders.
• Prepare and present reports on security governance activities, risk assessments, and compliance status to the management team and relevant government authorities
• Foster strong relationships with key stakeholders, including government agencies, assessors, auditors, vendors, and internal teams
• Provide leadership and direction for ensuring that cybersecurity awareness, basics, literacy, and training are provided to staff and operations personnel commensurate with their responsibilities.
• Lead and oversee information security governance budget, staffing, and contracting.
• Build, mentor, and lead a high-performing team of data stewards, governance analysts, and data quality/lineage professionals
• Develop and implement a comprehensive governance framework for addressing the US government security requirements
• Establish and enforce security policies, standards, guidelines, and procedures in accordance with government regulations, such as NIST standards and FISMA guidelines, FedRAMP, and agency specific requirements
• Collaborate with cross-functional teams to assess security risks, identify vulnerabilities, and propose remediation actions
• Conduct regular security risk assessments to identify potential threats and vulnerabilities impacting government security
• Collaborate with the other Information Security and IT departments to ensure that security controls, including people, processes, and technologies, are integrated into systems, networks, and applications
• Lead and oversee the implementation of security controls, including network and systems monitoring, access controls, encryption, authentication, and user provisioning
• Stay up to date with the latest best practices, industry trends, and government security regulations to proactively maintain compliance
• Collaborate with external assessors and auditors and government officials during security audits and assessments

Benefits

• We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business.
• The base salary range for this job in all geographic locations in the US is $152,700 to $294,000.
• The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $183,300 to $334,100.
• Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography.
• In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
• Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances.
• You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.