Director, National Security-Cybersecurity Governance
About
Alvarez & Marsal (A&M) is a global consulting firm with over 10,000 entrepreneurial, action- and results-oriented professionals in over 40 countries. We take a hands-on approach to solving our clients' problems and assisting them in reaching their potential. Our culture celebrates independent thinkers and doers who positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are why our people love working at A&M.
Responsibilities
With the rapidly changing geopolitical environment, competition for sensitive technologies, and risks associated with potential exploitation of sensitive personal and business data, demand for national security-focused risk analysis and mitigation is growing significantly. Our team supports organizations, investors and counsel in identifying, assessing, and reducing national security-related risk through modern security architectures and enterprise-grade solutions. We focus on implementing Zero Trust security frameworks, establishing robust Identity and Access Management (IAM) controls, and embedding regulatory requirements into business systems and processes. Our approach facilitates transparency between companies and regulators by leveraging data analytics, automated compliance monitoring, and advanced security tooling. The team serves as fiduciary to U.S. government agencies as either third-party monitor or third-party auditor, ensuring adherence to federal security standards and frameworks.
- Lead cross-functional project teams in executing advisory, oversight, and audit projects related to Foreign Direct Investment (FDI) national security reviews, export and technology controls, and Cybersecurity Maturity Model Certification (CMMC). Develop comprehensive project plans, establish key milestones, and manage resource allocation using enterprise project management methodologies and tools.
- Design and implement Zero Trust architecture frameworks and IAM solutions, including privileged access management (PAM), role-based access control (RBAC), and continuous authentication mechanisms. Collaborate with client security personnel to define and document security controls for distributed, big data systems with emphasis on least-privilege access principles.
- Conduct enterprise-wide security assessments to verify the efficacy of administrative, technical, and physical safeguards, with particular focus on identity governance, access management, and Zero Trust implementation. Evaluate security control maturity against industry frameworks such as NIST 800-53, ISO 27001, and CMMC.
- Direct comprehensive security assessments of applications and software, including architecture review, DevSecOps collaboration, IAM integration evaluation, oversight of static and dynamic code analysis, management of network penetration testing, and preparation of detailed technical reports for senior counsel, executives, and national security officials.
- Analyze and interpret penetration test results, focusing on identity-related vulnerabilities and deviations from Zero Trust principles. Develop remediation roadmaps aligned with enterprise architecture standards.
- Implement and integrate security technologies including SIEM, IGA, and PAM to enable automated compliance monitoring and security oversight.
- Create and maintain project management artifacts such as work breakdown structures, risk registers, and resource allocation plans. Establish governance and reporting mechanisms to ensure alignment with objectives and regulatory requirements.
- Availability for up to 20% travel to client sites and security assessment locations.
Qualifications
- 8+ years of experience with technology companies delivering controlled technology domestically and internationally
- Experience with NIST CSF, NIST SP 800-53, NIST SP 800-171, NIST SP 800-218, NIST SP 800-161, and/or ISO 27001
- Experience in cybersecurity governance (e.g., NIST CSF, NIST 800-171/800-53, CIS Control 18, ISO 27001)
- Proficiency in at least one programming language (e.g., Python, Java)
- Background in network and cloud-based platforms (e.g., GCP, AWS, Kubernetes)
- Familiarity with containerization technologies and deployments
- Experience with Big Data platforms (on-premise and cloud)
- Ability to obtain a US Government security clearance
- One or more relevant industry certifications: CompTIA Security+, CompTIA CySA+, CompTIA CASP+, CISSP, CISM, CISA, ISO 27001, or comparable
Your journey at A&M
We recognize that our people are the driving force behind our success, and we prioritize an employee experience that supports professional and personal development. Our performance development process promotes continuous learning, rewards contributions, and fosters a meritocratic culture. We offer top-tier training and on-the-job learning opportunities to help you advance your career.
We also prioritize well-being, offering benefits and resources to support you. Our people highlight growth opportunities, entrepreneurial culture, and collaboration as key reasons to work at A&M. The possibilities are endless for high-performing and passionate professionals.
Benefits and compensation
Regular employees working 30+ hours per week are entitled to healthcare, flexible spending accounts, life, AD&D, disability coverages, and a 401(k) retirement plan. A discretionary 401(k) contribution may be provided. Paid time off includes vacation, personal days, 72 hours of sick time (prorated for part-time), 10 federal holidays, one floating holiday, and parental leave. Vacation and personal days vary by tenure and role. The salary range is $130,000 - $175,000 annually, with potential discretionary bonuses based on performance. Details available from the recruiter.
Equal Opportunity & Diversity
Alvarez & Marsal is an Equal Opportunity Employer. We provide equal opportunity in employment, compensation, and other terms without discrimination based on race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression, sexual orientation, marital status, military service, disability, or any other characteristic protected by law. Details available by region in our policy statements.
Note
Unsolicited resumes from third-party recruiters are not accepted unless engaged for a specific opening. A&M reserves the right to hire at its discretion without a fee to submitting agencies.
- Seniority level: Director
- Employment type: Full-time
- Job function: Information Technology
- Industry: Business Consulting and Services