GPS Information Security Governance Leader Associate Director

From strategy to execution the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal State Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse high-performing teams quality work at the highest professional standards operational know-how from across our global organization and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our militaryveteransand citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world.

The opportunity

The Information Security Program safeguards classified information controlled unclassified information (CUI) and other confidential information in a mix of EY information systems and EY operated federal information system. As such the Security Governance Leader must understand the various security requirements and ensure they are appropriately applied to each system or environment.

Your key responsibilities

• Communicate the value of security governance risk and compliance throughout all levels of the organization stakeholders.
• Prepare and present reports on security governance activities risk assessments and compliance status to the management team and relevant government authorities
• Foster strong relationships with key stakeholders including government agencies assessors auditors vendors and internal teams
• Provide leadership and direction for ensuring that cybersecurity awareness basics literacy and training are provided to staff and operations personnel commensurate with their responsibilities.
• Lead and oversee information security governance budget staffing and contracting.
• Build mentor and lead a high-performing team of data stewards governance analysts and data quality/lineage professionals
• Develop and implement a comprehensive governance framework for addressing the US government security requirements
• Establish and enforce security policies standards guidelines and procedures in accordance with government regulations such as NIST standards and FISMA guidelines FedRAMP and agency specific requirements
• Collaborate with cross-functional teams to assess security risks identify vulnerabilities and propose remediation actions
• Conduct regular security risk assessments to identify potential threats and vulnerabilities impacting government security
• Collaborate with the other Information Security and IT departments to ensure that security controls including people processes and technologies are integrated into systems networks and applications
• Lead and oversee the implementation of security controls including network and systems monitoring access controls encryption authentication and user provisioning
• Stay up to date with the latest best practices industry trends and government security regulations to proactively maintain compliance
• Collaborate with external assessors and auditors and government officials during security audits and assessments

To qualify for the role you must have

• Bachelors degree in information security computer science or relevant experience
• A minimum of 7-10 years of experience in information security with a focus on US government security requirements and compliance
• A minimum of 3 years of experience with hands-on NIST or CMMC assessor experience; NIST RMF-based assessor experience with cloud-based (AzureGov AWS) architectures preferred.
• Comprehensive understanding of US government security regulations standards and frameworks including NIST Special Publications (e.g. NIST SP 800-53 NIST SP 800-171) and various other government publications (e.g. STIGs Security Requirements Guides)
• Experience developing and implementing security policies standards and procedures in alignment with government security requirements
• Proficiency in conducting security risk assessments vulnerability assessments and penetration testing methodologies
• Strong knowledge of security technologies including firewalls intrusion detection/prevention systems security information and event management (SIEM) and secure coding practices
• Excellent communication skills with the ability to effectively articulate complex security concepts to both technical and non-technical stakeholders
• Proven ability to lead influence and collaborate with cross functional teams
• Strong analytical and problem-solving skills with the ability to prioritize tasks and manage multiple projects simultaneously
• Experience in incident response management and conducting security investigations is a plus
• Ability to obtain and maintain a Top Secret security clearance

Ideally youll also have

• Masters degree preferred
• Relevant certifications such as Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) or Certified CMMC Assessor (CCA) are highly desirable