Director, National Security-Cybersecurity Governance

About Alvarez & Marsal

A global professional services firm specializing in turnaround management, restructuring, performance improvement, and corporate advisory services. Our Disputes & Investigations practice is recognized for delivering solutions to contentious situations through deep expertise and multidisciplinary teams.

• Lead cross‑functional project teams in executing advisory, oversight, and audit projects related to FDI national security reviews, export and technology controls, and CMMC.
• Develop comprehensive project plans, establish key milestones, and manage resources using enterprise project management methodologies.
• Design and implement Zero Trust architecture frameworks and IAM solutions, including PAM, RBAC, and continuous authentication mechanisms.
• Collaborate with client security personnel to define and document security controls for distributed, big‑data systems, emphasizing least‑privilege access.
• Conduct enterprise‑wide security assessments to verify the efficacy of administrative, technical, and physical safeguards, focusing on identity governance, access management, and Zero Trust implementation.
• Evaluate security control maturity against industry frameworks such as NIST 800‑53, ISO 27001, and CMMC.
• Direct comprehensive security assessments of applications and software, including architecture review, interviewing Dev Sec Ops  personnel, evaluating IAM integration, overseeing static and dynamic code analysis, managing network penetration testing, and preparing detailed reports for senior counsel, executives, and national security officials.
• Analyze and interpret penetration test results, focusing on identity‑related vulnerabilities, access control weaknesses, and Zero Trust deviations; develop remediation roadmaps aligned with enterprise architecture standards.
• Implement and integrate security technologies such as SIEM, IGA, and PAM to enable automated compliance monitoring and oversight.
• Create and maintain project management artifacts including work breakdown structures, risk registers, and resource allocation plans; establish project governance frameworks and reporting mechanisms.
• Ensure availability for up to 20% travel to client sites and assessment locations.

• 8+ years of experience in technology companies that deliver controlled technology nationally and internationally.
• Experience with NIST CSF, NIST SP 800‑53, NIST SP 800‑171, and ISO 27001 (or equivalent).
• Experience in cybersecurity governance, including working with NIST CSF, 800‑171, 800‑53, CIS‑18 IG1, ISO 27001.
• Proficiency in at least one programming language (e.g., Python, Java).
• Background in network and cloud‑based platforms (e.g., GCP, AWS, Kubernetes).
• Familiarity with containerization technologies and deployments.
• Experience with Big Data platforms (on‑premise and cloud).
• Ability to obtain a USG security clearance.
• Relevant industry certification such as CompTIA Security+, CompTIA CySA+, CompTIA CASP+, CISSP, CISM, CISA, ISO 27001.

Salary range: $130,000 – $175,000 annually, based on education, experience, skills, and geography. A discretionary bonus program is available.

Full‑time employees (30+ hours) receive healthcare plans, flexible spending accounts, life/AD&D, disability coverage, 401(k) with possible discretionary contribution, paid time off, vacation, and other benefits.

Alvarez & Marsal is an equal opportunity employer and promotes diversity and inclusion. Employment decisions are made without discrimination based on race, color, creed, religion, national origin, ancestry, citizenship status, sex, gender identity, sexual orientation, marital status, military service, veteran status, or disabilities. Applicants with protected characteristics are guaranteed an inclusive and respectful workplace.