Director, National Security-Cybersecurity Governance
Join to apply for the Director, National Security-Cybersecurity Governance role at Alvarez & Marsal
About Alvarez & Marsal (A&M) is a global consulting firm with over 10,000 entrepreneurial, action and results-oriented professionals in over 40 countries. We take a hands-on approach to solving our clients' problems and assisting them in reaching their potential. Our culture celebrates independent thinkers and doers who positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are why our people love working at A&M.
What will you be doing?
With the rapidly changing geopolitical environment, competition for sensitive technologies, and risks associated with potential exploitation of sensitive personal and business data, demand for national security-focused risk analysis and mitigation is growing significantly. Our team supports organizations, investors and counsel in identifying, assessing, and reducing national security-related risk through modern security architectures and enterprise-grade solutions.
We focus on implementing Zero Trust security frameworks, establishing robust Identity and Access Management (IAM) controls, and embedding regulatory requirements into business systems and processes. Our approach facilitates transparency between companies and regulators by leveraging data analytics, automated compliance monitoring, and advanced security tooling. The team serves as fiduciary to U.S. government agencies as either third-party monitor or third-party auditor, ensuring adherence to federal security standards and frameworks.
- Lead cross-functional project teams in executing advisory, oversight, and audit projects related to Foreign Direct Investment (FDI) national security reviews, export and technology controls, and Cybersecurity Maturity Model Certification (CMMC). Develop comprehensive project plans, establish key milestones, and manage resource allocation using enterprise project management methodologies and tools.
- Design and implement Zero Trust architecture frameworks and IAM solutions, including privileged access management (PAM), role-based access control (RBAC), and continuous authentication mechanisms. Collaborate with client security personnel to define and document security controls for distributed, big data systems with emphasis on least-privilege access principles.
- Conduct enterprise-wide security assessments to verify the efficacy of administrative, technical, and physical safeguards, with particular focus on identity governance, access management, and Zero Trust implementation. Evaluate security control maturity against industry frameworks such as NIST 800-53, ISO 27001, and CMMC.
- Direct comprehensive security assessments of applications and software, including: architecture reviews with emphasis on identity and access flows; interviews with DevSecOps teams; evaluation of IAM integration points and Zero Trust implementation; oversight of static and dynamic code analysis; management of network penetration testing; and preparation of detailed technical reports for senior counsel, executives, and national security officials.
- Analyze and interpret penetration test results, focusing on identity-related vulnerabilities, access control weaknesses, and deviations from Zero Trust principles. Develop remediation roadmaps aligned with enterprise architecture standards.
- Implement and integrate security technologies including SIEM, IGA, and PAM solutions to enable automated compliance monitoring and security oversight.
- Create and maintain project management artifacts including work breakdown structures, risk registers, and resource allocation plans. Establish project governance frameworks and reporting mechanisms to ensure alignment with organizational objectives and regulatory requirements.
- Availability for up to 20% travel required to client sites and security assessment locations.
Who will you be working with?
At A&M you will have the opportunity to work with a diverse team of supportive and motivated professionals that love to share their knowledge and depth of industry experience with others. We have an inclusive developmental environment where everyone has the opportunity to learn and grow. Our culture is characterized by openness and entrepreneurial thinking, with a foundation of mutual respect and high-quality standards for our work.
How will you grow and be supported?
As a Disputes and Investigations Director, you will have the opportunity to take your career to the next level by gaining invaluable experience across different industries, sectors, and companies on a variety of interesting and critical projects. You will have the opportunity to apply your critical thinking, analysis and research skills in complex, ambiguous situations. Building on your communication skills, you will work to distill your findings into concise, intuitive, and compelling data stories. You will be working closely as a team with experienced professionals who will provide you with developmental feedback and growth opportunities. You will have the opportunity to lead various project workstreams, while gaining exposure to a variety of disputes and investigations, across an array of clients and industries.
We offer competitive benefits and opportunities to support your personal and professional development. A&M recognizes that our people drive our growth, and you will be provided with the best available training and development resources through formalized and on the job training, as well as networking opportunities with renowned legal and accounting experts.
Learn more about why A&M is a wonderful place to work.
Qualifications
- 8+ years of experience with Technology Companies that deliver controlled technology nationally and internationally
- Experience with NIST CSF, NIST SP 800-53, NIST SP 800-171, NIST SP 800-218, NIST SP 800-161, and/or ISO 27001
- Experience working in cybersecurity governance (i.e., experience working with NIST CSF; NIST 800-171 and -53; CIS-18 IG1 and ISO 27001)
- Proficiency in at least one programming language (e.g., Python, Java, etc.)
- Background in network and cloud-based platforms (e.g., GCP, AWS, Kubernetes, etc.)
- Familiarity with containerization technologies and deployments
- Experience with Big Data platforms (on premise and cloud)
- Ability to obtain a USG security clearance
- One or more relevant industry certification: CompTIA Security+, CompTIA CySA+, CompTIA CASP+, CISSP, CISM, CISA, ISO 27001, or comparable certifications
Job details
- Seniority level: Director
- Employment type: Full-time
- Job function: Information Technology
- Industries: Business Consulting and Services
Location: San Francisco, CA
San Francisco, CA salary range listed in posting: $140,000.00-$200,000.00
Equal Opportunity Employer
It is Alvarez & Marsal’s practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression, sexual orientation, marital status, military service and veteran status, physical or mental disability, or other protected characteristics. Employees and Applicants can find A&M policy statements and additional information by region here.
Unsolicited Resumes from Third-Party Recruiters
Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.
Location and salary details are provided for context and may be updated by the employer.
#J-18808-Ljbffr