Director, National Security-Cybersecurity Governance

Description

About Alvarez & Marsal

Alvarez & Marsal is a premier independent global professional services firm specializing in providing turnaround management, restructuring, performance improvement and corporate advisory services. Our talent drives our success, resulting in our growing Disputes and Investigations practice becoming one of the most respected in the industry. From the boardroom to the courtroom, the firm delivers a wide array of solutions to contentious situations by drawing on the deep skills, diverse disciplines and experiences of its professionals.

We are recognized by Global Arbitration Review as one of the leading firms of independent experts for arbitration and considered a top three firm by Who's Who Legal based on the number of experts across the globe. Our clients include major banks, leading law firms, private equity firms and well-known corporations and upper-mid-sized companies.

The Team

At A&M you will have the opportunity to work with a diverse team of supportive and motivated professionals that love to share their knowledge and depth of industry experience with others. A&M's Disputes and Investigations practice comprises professionals from a wide range of backgrounds, who bring and share their deep expertise in conducting investigations and delivering expert witness reports. We have an inclusive developmental environment where everyone has the opportunity to learn and grow.

Our culture is characterized by openness and entrepreneurial thinking, with a foundation of mutual respect and high-quality standards for our work. We strive to remove bureaucracy in favor of recognizing effort and results through advancement opportunities and a motivating performance-based reward structure.

How you will contribute

With the rapidly changing geopolitical environment, competition for sensitive technologies, and risks associated with potential exploitation of sensitive personal and business data, demand for national security-focused risk analysis and mitigation is growing significantly. Our team supports organizations, investors and counsel in identifying, assessing, and reducing national security-related risk through modern security architectures and enterprise-grade solutions. We focus on implementing Zero Trust security frameworks, establishing robust Identity and Access Management (IAM) controls, and embedding regulatory requirements into business systems and processes.

Our approach facilitates transparency between companies and regulators by leveraging data analytics, automated compliance monitoring, and advanced security tooling. The team serves as fiduciary to U.S. government agencies as either third-party monitor or third-party auditor, ensuring adherence to federal security standards and frameworks.

Responsibilities:

* Lead cross-functional project teams in executing advisory, oversight, and audit projects related to Foreign Direct Investment (FDI) national security reviews, export and technology controls, and Cybersecurity Maturity Model Certification (CMMC). Develop comprehensive project plans, establish key milestones, and manage resource allocation using enterprise project management methodologies and tools.

* Design and implement Zero Trust architecture frameworks and IAM solutions, including privileged access management (PAM), role-based access control (RBAC), and continuous authentication mechanisms. Collaborate with client security

personnel to define and document security controls for distributed, big data systems with emphasis on least-privilege access principles.

* Conduct enterprise-wide security assessments to verify the efficacy of administrative, technical, and physical safeguards, with particular focus on identity governance, access management, and Zero Trust implementation. Evaluate security control maturity against industry frameworks such as NIST 800-53, ISO 27001, and CMMC.

* Direct comprehensive security assessments of applications and software, including: (i) reviewing architecture diagrams with emphasis on identity and access flows; (ii) interviewing personnel across Dev Sec Ops  teams; (iii) evaluating IAM integration points and Zero Trust implementation; (iv) overseeing static and dynamic code analysis; (v) managing network penetration testing; and (vi) preparing detailed technical reports for senior counsel, executives, and national security officials.

* Analyze and interpret penetration test results, focusing on identity-related vulnerabilities, access control weaknesses, and deviations from Zero Trust principles. Develop remediation roadmaps aligned with enterprise architecture standards.

* Implement and integrate security technologies including Security Information and Event Management (SIEM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) solutions to enable automated compliance monitoring and security oversight.

* Create and maintain project management artifacts including work breakdown structures, risk registers, and resource…