Senior Cybersecurity and Compliance Director

The Senior Cybersecurity and Compliance Director is a senior level role responsible for establishing managing and continuously improving the companys internal information security cybersecurity compliance and risk management programs. This leadership role ensures the organization meets all obligations associated with supporting state and local government clients federal civilian agencies and DoD contractors including compliance with NIST SP 800-171 CMMC ISO/IEC 27001:2022 and PCI-DSS (as required). Reporting directly to the General Counsel the Senior Cybersecurity and Compliance Director drives internal cybersecurity governance oversees enterprise risk decisions ensures regulatory and contractual compliance and serves as the final authority over all internal security controls policies security operations and incident response.

Responsibilities and Essential Duties

Enterprise Security Leadership

• Develop and execute a corporate cybersecurity strategy aligned with business objectives risk appetite regulatory requirements and government contracting obligations.
• Lead the internal security function including security engineering security operations governance and privacy alignment.
• Advise the General Counsel and executive leadership team on cyber risk compliance exposure and major security decisions.
• Provide regular reporting to executive leadership the CEO and the Board on security posture risks incidents and compliance programs.

Internal Cybersecurity Governance & Compliance

• Responsible for corporate compliance with all government and industry cybersecurity frameworks:
• NIST SP 800-171
• CMMC (current and emerging versions)
• DFARS 252.204-7012 obligations
• FAR & agency-specific security clauses for civilian agency support
• State and local government IT security requirements
• ISO/IEC 27001:2022
• PCI-DSS (as applicable)
• Oversee the internal Information Security Management System (ISMS) and maintain certification readiness.
• Lead internal audits evidence collection POA&M management and continuous monitoring.
• Maintain a current System Security Plan (SSP) risk register and compliance documentation library.
• Ensure all contractual cybersecurity clauses and flow-downs are properly implemented across the organization.

Security Operations & Engineering

• Lead enterprise security operations including vulnerability scanning and remediation endpoint and mobile device security network and cloud security (Azure/AWS/O365 etc.) identity and access management (IAM/MFA/privileged access) and SIEM logging and monitoring.
• Oversee the enterprises incident detection and response program including tabletop exercises escalation procedures after-action reporting and legally mandated notifications.
• Ensure secure design and implementation of all internal IT systems SaaS platforms and corporate infrastructures.

Risk Management

• Own and manage the corporate cybersecurity risk management program.
• Conduct and oversee periodic risk assessments and ensure appropriate risk treatment decisions.
• Present risk acceptance or mitigation recommendations to the General Counsel and executive team.
• Ensure cybersecurity is fully integrated with enterprise risk legal review and corporate governance processes.

Collaboration with Legal & Corporate Stakeholders

• Work closely with the General Counsel on regulatory compliance contract reviews incident response coordination data protection and privacy obligations and government security clauses and reporting.
• Collaborate with Finance HR IT Sales and Operations to embed security into enterprise processes onboarding/offboarding procurement and solution development.
• Support Sales and Contracts on internal security representations (e.g. RFP responses vendor security reviews).

Vendor & Third-Party Risk Management

• Oversee third-party risk assessments due diligence contract security language and ongoing monitoring.
• Ensure that subcontractors SaaS applications cloud services and strategic partners meet internal and client-imposed security requirements.
• Maintain and enforce vendor security policies and security addenda.

• Bachelors degree in cybersecurity information technology business or related discipline; Masters preferred and/or equivalent work experience.
• 10 years of experience in cybersecurity and information security roles.
• 5 years in senior leadership or CISO-level capacity.
• Direct experience managing internal cybersecurity programs within a government contracting technology or professional services organization.

Knowledge/Skills/Abilities

• Expert-level knowledge of NIST SP 800-171 CMMC ISO/IEC 27001:2022 DFARS FAR and federal agency cybersecurity requirements state and local government security expectations and PCI-DSS (where applicable).
• Proven ability to lead internal incident response risk management and enterprise GRC programs.
• Senior leader-level communication and ability to articulate cybersecurity risk to legal operational and business leaders.
• Strong decision making judgment and ability to prioritize risk in a business-focused environment.
• Integrity confidentiality and composure in handling sensitive or high-impact matters.
• Deep understanding of federal state and local government contracting cybersecurity requirements.

Preferred Certifications

• CISSP CISM CRISC or CGEIT PCI ISA/QSA experience beneficial

As a federal government contractor and a recipient of federal funding Mythics and Emergent is required to abide by the Drug-Free Workplace Act which requires Mythics and Emergent to provide a drug-free workplace among other obligations. As part of this effort Mythics and Emergent requires pre-employment drug tests for all candidates for employment. Please note that marijuana (including medical marijuana) is designated as a controlled substance under federal law and will be screened for in the drug test.

Why work at Mythics

Because at Mythics YOU count!At Mythics our Corporate Values are at the foundation of everything we do. Our values Respect Empathy Excellence Fun (REEF) have created an environment that fosters creative thinking respects your contributions and accepts nothing less than excellence in serving our customers.At Mythics you will experience a truly enjoyable corporate culture. But dont just take our word for it!

Enjoy Tailored Benefits to Suit Your Needs with our Flexible Options. Our benefit options include:

• Comprehensive Health Dental and Vision plans
• Premier 401k retirement plan with corporate matching and a 529 college saving plan
• Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
• Legal Resources

Unlock Exclusive Benefits for Full-Time Employees:

• Generous work/life balance opportunities supported by a PTO bank paid holidays leave programs and additional flex time off
• Employee referral program
• Employee recognition gift and reward program
• Tuition reimbursement for continuing education
• Remote or hybrid work options
• Engaging company events such as team building activities annual awards and kick-off parties
• Health and wellness-focused activities
• Relaxation Spaces
• In-office gourmet coffee tea fresh fruit and healthy snacks
• Corporate GREEN approach tracking energy consumption for reduction and purchasing only environmentally friendly products for our offices

Foundedin 2000 Mythicsis an award-winning Oracle systems integrator consulting firm managed services provider and elite Oracle platinum resale partner. Our business model is all about deep knowledge of Oracle technologies and business processes. We offer procurement and Oracle systems integration expertise across the full range of Oracle cloud software support hardware engineered systems and appliances. Its a focus that gives us the critical business experience and the Oracle technologyadvantageyou need to succeed.

Mythics LLC is an equal opportunity accordance with applicable federal state and/or local law all qualified applicants will receive consideration regardless of race color religion national origin sex disability sexual orientation gender identity age marital status medical condition veteran status or other factors protected by law. We offer equal opportunity in compensation advancement opportunities and all other terms and conditions of employment. As a federal government contractor Mythics has developed and maintains a written Affirmative Action Program relating to individuals with disabilities and protected veterans which sets forth the policies practices and procedures to which the Company is committed in order to ensure that its policy of nondiscrimination and affirmative action for qualified individuals with disabilities and protected veterans is followed. For those unable to complete an online application alternative methods are available by contacting. For more information about Federal laws prohibiting job discrimination please readKnow Your Rights.