About The Position

Diaconia is looking for a Sr. Director, Compliance & Risk Management Solutions to join our amazing team! If you're looking to join a company that truly appreciates you and your talents, look no further! At Diaconia, we are committed to serving and caring for our colleagues, our clients and our community. Our team is made up of talented individuals who appreciate having the opportunity to contribute their knowledge and experience to further the growth and development of our industry. Our ideal candidates embrace diverse thinking, enjoy partnering with others and are seeking to make a difference!

Position Summary

The Sr. Director, Compliance & Risk Management Solutions is responsible for establishing, leading, and scaling a core business capability focused on E-Discovery, FOIA Compliance, Data Privacy Compliance, Risk Management Framework (RMF), and Authority to Operate (ATO) services, including continuous monitoring, vulnerability and incident alerting, and DevSecOps-aligned security automation. This role owns the full lifecycle of the capability—strategy, client targeting, business development, solution design, delivery execution, and talent development—while ensuring technical rigor and compliance with NIST 800-37, 800-53, 800-30, and agency-specific security and privacy requirements. The role is both externally facing (client engagement, pipeline development, capture support) and internally focused (capability maturity, delivery excellence, margin performance, and workforce development), serving as a trusted advisor to federal clients and a growth leader within the organization.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Systems, Engineering, Public Policy, or a related field (Master’s degree preferred).
  • 12+ years of progressive experience in federal cybersecurity, risk management, compliance, or privacy programs, including senior leadership experience.
  • Demonstrated expertise in Privacy Standards, RMF and ATO execution, including but not limited to FOIA, SSPs, POA&Ms, continuous monitoring, and authorization decision support.
  • Deep working knowledge of NIST 800-37, 800-53, 800-30, and agency-specific cybersecurity and privacy requirements.
  • Proven experience identifying target clients, shaping opportunities, and supporting successful federal contract awards.
  • Experience leading multidisciplinary teams and scaling a practice or capability within a government contracting environment.

Nice To Haves

  • Experience supporting FedRAMP, DoD, DHS, or large civilian agency authorization programs.
  • Familiarity with E-Discovery platforms, FOIA workflows, privacy impact assessments (PIAs), and data governance frameworks.
  • Certifications such as CISSP, CISM, CRISC, PMP, or equivalent a plus.
  • Experience integrating cybersecurity compliance into DevSecOps and cloud environments.
  • Active or ability to obtain a U.S. Government security clearance.

Responsibilities

  • Establish and lead an integrated Compliance & Risk Management capability encompassing RMF/ATO, E-Discovery, FOIA operations, privacy compliance, continuous monitoring, and security automation solutions.
  • Define the vision, service offerings, operating model, and roadmap for the practice, including professional services and supporting technology solutions.
  • Develop reusable frameworks, playbooks, authorization artifacts, and standardized methodologies to improve delivery quality, scalability, and margins.
  • Ensure alignment of offerings with federal agency priorities, evolving cybersecurity mandates, and regulatory requirements.
  • Identify and prioritize target federal clients, agencies, and mission areas aligned to RMF, Privacy, and Compliance Modernization initiatives.
  • Leverage existing executive and technical relationships to expand footprint, increase task order awards, and generate net-new opportunities.
  • Partner with Capture, BD, and Contracts teams to shape opportunities, develop win strategies, and support proposal development (technical volumes, staffing plans, pricing assumptions).
  • Serve as a senior solution architect and subject matter expert during client engagements, orals, and technical interchange meetings.
  • Lead the design and execution of RMF and ATO solutions supporting:
      • System security categorizations
      • System Security Plans (SSPs)
      • Risk Assessments and Threat Modeling (NIST 800-30)
      • POA&Ms, control inheritance, and remediation strategies
      • Continuous monitoring artifacts and reporting
  • Ensure compliance with NIST 800-37 lifecycle requirements, 800-53 security and privacy controls, and agency-specific overlays (e.g., FedRAMP, DHS, DoD, civilian agency requirements).
  • Oversee delivery of E-Discovery and FOIA compliance solutions that align with federal records management, privacy, and litigation readiness requirements.
  • Support client authorization decisions by providing accurate, defensible risk assessments and documentation that reduce time-to-ATO and reauthorization delays.
  • Drive adoption of automation, reusable authorization artifacts, and continuous control monitoring to modernize RMF and compliance delivery.
  • Integrate DevSecOps-aligned security controls into system pipelines, enabling faster, more resilient ATO and continuous authorization models.
  • Collaborate with engineering and product teams to align professional services with supporting technology platforms and tools.
  • Monitor emerging technologies, OMB guidance, and federal cybersecurity trends to continuously evolve offerings.
  • Build, mentor, and retain a high-performing team of cybersecurity, privacy, compliance, and risk professionals.
  • Define role structures, career paths, training plans, and certification strategies aligned to NIST, RMF, and agency requirements.
  • Ensure delivery excellence, client satisfaction, compliance with contract requirements, and achievement of revenue, margin, and utilization targets.
  • Partner with HR, Finance, and Operations to manage workforce planning, cost controls, and scalability.