Alvarez & Marsal
Director, National Security-Cybersecurity Governance
Alvarez & Marsal, Los Angeles, California, United States, 90079
Overview
Director, National Security-Cybersecurity Governance at Alvarez & Marsal (A&M). This role focuses on national security-focused risk analysis and mitigation, integrating Zero Trust security frameworks, IAM controls, and regulatory requirements into business systems and processes. The team supports organizations, investors and counsel in identifying, assessing, and reducing national security-related risk with modern security architectures and enterprise-grade solutions. Responsibilities
Lead cross-functional project teams in advisory, oversight, and audit projects related to Foreign Direct Investment (FDI) national security reviews, export and technology controls, and Cybersecurity Maturity Model Certification (CMMC). Develop comprehensive project plans, establish milestones, and manage resources using enterprise project management methodologies. Design and implement Zero Trust architecture frameworks and IAM solutions, including PAM, RBAC, and continuous authentication. Define and document security controls for distributed, big data systems with emphasis on least-privilege access. Conduct enterprise-wide security assessments of administrative, technical, and physical safeguards with focus on identity governance and Zero Trust implementation. Evaluate control maturity against NIST 800-53, ISO 27001, and CMMC. Direct security assessments of applications and software: review architecture diagrams, interview DevSecOps personnel, evaluate IAM integration and Zero Trust, oversee code analysis and network penetration testing, and prepare detailed technical reports for senior counsel and executives. Analyze penetration test results to identify identity-related vulnerabilities and access control weaknesses; develop remediation roadmaps aligned with enterprise standards. Implement and integrate security technologies (SIEM, IGA, PAM) to enable automated compliance monitoring and security oversight. Create and maintain project management artifacts (work breakdown structures, risk registers) and establish governance and reporting to ensure alignment with objectives and regulatory requirements. Availability for travel up to 20% to client sites and security assessment locations. Qualifications
8+ years of experience with technology companies delivering controlled technology nationally and internationally. Experience with NIST CSF, NIST SP 800-53, NIST SP 800-171, NIST SP 800-218, NIST SP 800-161, and/or ISO 27001. Experience in cybersecurity governance (NIST CSF; NIST 800-171 and 800-53; CIS-18 IG1 and ISO 27001). Proficiency in at least one programming language (e.g., Python, Java). Background in network and cloud platforms (e.g., GCP, AWS, Kubernetes). Familiarity with containerization technologies and deployments. Experience with Big Data platforms (on premise and cloud). Ability to obtain a USG security clearance. One or more relevant industry certifications (e.g., CISSP, CISM, CISA, CompTIA Security+, CompTIA CySA+, CompTIA CASP+, ISO 27001). Compensation and Benefits
The salary range is $130,000 - $175,000 annually, with a discretionary bonus program based on performance. Benefits include healthcare plans, 401(k), paid time off, holidays, and other programs; eligibility details are provided by the recruiter. This section also notes inclusive diversity and equal opportunity employer statements as part of A&M’s policy. Seniority level
Director Employment type
Full-time Job function
Information Technology Industries
Business Consulting and Services
#J-18808-Ljbffr
Director, National Security-Cybersecurity Governance at Alvarez & Marsal (A&M). This role focuses on national security-focused risk analysis and mitigation, integrating Zero Trust security frameworks, IAM controls, and regulatory requirements into business systems and processes. The team supports organizations, investors and counsel in identifying, assessing, and reducing national security-related risk with modern security architectures and enterprise-grade solutions. Responsibilities
Lead cross-functional project teams in advisory, oversight, and audit projects related to Foreign Direct Investment (FDI) national security reviews, export and technology controls, and Cybersecurity Maturity Model Certification (CMMC). Develop comprehensive project plans, establish milestones, and manage resources using enterprise project management methodologies. Design and implement Zero Trust architecture frameworks and IAM solutions, including PAM, RBAC, and continuous authentication. Define and document security controls for distributed, big data systems with emphasis on least-privilege access. Conduct enterprise-wide security assessments of administrative, technical, and physical safeguards with focus on identity governance and Zero Trust implementation. Evaluate control maturity against NIST 800-53, ISO 27001, and CMMC. Direct security assessments of applications and software: review architecture diagrams, interview DevSecOps personnel, evaluate IAM integration and Zero Trust, oversee code analysis and network penetration testing, and prepare detailed technical reports for senior counsel and executives. Analyze penetration test results to identify identity-related vulnerabilities and access control weaknesses; develop remediation roadmaps aligned with enterprise standards. Implement and integrate security technologies (SIEM, IGA, PAM) to enable automated compliance monitoring and security oversight. Create and maintain project management artifacts (work breakdown structures, risk registers) and establish governance and reporting to ensure alignment with objectives and regulatory requirements. Availability for travel up to 20% to client sites and security assessment locations. Qualifications
8+ years of experience with technology companies delivering controlled technology nationally and internationally. Experience with NIST CSF, NIST SP 800-53, NIST SP 800-171, NIST SP 800-218, NIST SP 800-161, and/or ISO 27001. Experience in cybersecurity governance (NIST CSF; NIST 800-171 and 800-53; CIS-18 IG1 and ISO 27001). Proficiency in at least one programming language (e.g., Python, Java). Background in network and cloud platforms (e.g., GCP, AWS, Kubernetes). Familiarity with containerization technologies and deployments. Experience with Big Data platforms (on premise and cloud). Ability to obtain a USG security clearance. One or more relevant industry certifications (e.g., CISSP, CISM, CISA, CompTIA Security+, CompTIA CySA+, CompTIA CASP+, ISO 27001). Compensation and Benefits
The salary range is $130,000 - $175,000 annually, with a discretionary bonus program based on performance. Benefits include healthcare plans, 401(k), paid time off, holidays, and other programs; eligibility details are provided by the recruiter. This section also notes inclusive diversity and equal opportunity employer statements as part of A&M’s policy. Seniority level
Director Employment type
Full-time Job function
Information Technology Industries
Business Consulting and Services
#J-18808-Ljbffr