
Sr. Director, Compliance & Risk Management Solutions

Diaconia LLC
Full-time
On-site
Gaithersburg, Maryland, United States

Description

Diaconia is looking for a Sr. Director, Compliance & Risk Management Solutions to join our amazing team! If you're looking to join a company that truly appreciates you and your talents, look no further! At Diaconia, we are committed to serving and caring for our colleagues, our clients and our community. Our team is made up of talented individuals who appreciate having the opportunity to contribute their knowledge and experience to further the growth and development of our industry. Our ideal candidates embrace diverse thinking, enjoy partnering with others and are seeking to make a difference!


Position Summary:


The Sr. Director, Compliance & Risk Management Solutions is responsible for establishing, leading, and scaling a core business capability focused on E-Discovery, FOIA Compliance, Data Privacy Compliance, Risk Management Framework (RMF), and Authority to Operate (ATO) services, including continuous monitoring, vulnerability and incident alerting, and DevSecOps-aligned security automation. This role owns the full lifecycle of the capability—strategy, client targeting, business development, solution design, delivery execution, and talent development—while ensuring technical rigor and compliance with NIST 800-37, 800-53, 800-30, and agency-specific security and privacy requirements.

The role is both externally facing (client engagement, pipeline development, capture support) and internally focused (capability maturity, delivery excellence, margin performance, and workforce development), serving as a trusted advisor to federal clients and a growth leader within the organization.



Key Responsibilities

Capability & Practice Leadership

  • Establish and lead an integrated Compliance & Risk Management capability encompassing RMF/ATO, E-Discovery, FOIA operations, privacy compliance, continuous monitoring, and security automation solutions.
  • Define the vision, service offerings, operating model, and roadmap for the practice, including professional services and supporting technology solutions.
  • Develop reusable frameworks, playbooks, authorization artifacts, and standardized methodologies to improve delivery quality, scalability, and margins.
  • Ensure alignment of offerings with federal agency priorities, evolving cybersecurity mandates, and regulatory requirements.

Business Development & Client Growth

  • Identify and prioritize target federal clients, agencies, and mission areas aligned to RMF, Privacy, and Compliance Modernization initiatives.
  • Leverage existing executive and technical relationships to expand footprint, increase task order awards, and generate net-new opportunities.
  • Partner with Capture, BD, and Contracts teams to shape opportunities, develop win strategies, and support proposal development (technical volumes, staffing plans, pricing assumptions).
  • Serve as a senior solution architect and subject matter expert during client engagements, orals, and technical interchange meetings.



Solution Design & Execution

  • Lead the design and execution of RMF and ATO solutions supporting:
    • System security categorizations
    • System Security Plans (SSPs)
    • Risk Assessments and Threat Modeling (NIST 800-30)
    • POA&Ms, control inheritance, and remediation strategies
    • Continuous monitoring artifacts and reporting
  • Ensure compliance with the NIST 800-37 lifecycle, 800-53 security and privacy controls, and program- or agency-specific requirements and overlays (e.g., FedRAMP, DHS, DoD, and civilian agency requirements).
  • Oversee delivery of E-Discovery and FOIA compliance solutions that align with federal records management, privacy, and litigation readiness requirements.
  • Support client authorization decisions by providing accurate, defensible risk assessments and documentation that reduce time-to-ATO and reauthorization delays.

Innovation, Automation & DevSecOps Enablement

  • Drive adoption of automation, reusable authorization artifacts, and continuous control monitoring to modernize RMF and compliance delivery.
  • Integrate DevSecOps-aligned security controls into system pipelines, enabling faster, more resilient ATO and continuous authorization models.
  • Collaborate with engineering and product teams to align professional services with supporting technology platforms and tools.
  • Monitor emerging technologies, OMB guidance, and federal cybersecurity trends to continuously evolve offerings.

People, Talent & Operational Management

  • Build, mentor, and retain a high-performing team of cybersecurity, privacy, compliance, and risk professionals.
  • Define role structures, career paths, training plans, and certification strategies aligned to NIST, RMF, and agency requirements.
  • Ensure delivery excellence, client satisfaction, compliance with contract requirements, and achievement of revenue, margin, and utilization targets.
  • Partner with HR, Finance, and Operations to manage workforce planning, cost controls, and scalability.

Requirements


Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Systems, Engineering, Public Policy, or a related field (Master’s degree preferred).
  • 12+ years of progressive experience in federal cybersecurity, risk management, compliance, or privacy programs, including senior leadership experience.
  • Demonstrated expertise in privacy standards, FOIA, and RMF/ATO execution, including but not limited to SSPs, POA&Ms, continuous monitoring, and authorization decision support.
  • Deep working knowledge of NIST 800-37, 800-53, 800-30, and agency-specific cybersecurity and privacy requirements.
  • Proven experience identifying target clients, shaping opportunities, and supporting successful federal contract awards.
  • Experience leading multidisciplinary teams and scaling a practice or capability within a government contracting environment.



Preferred Qualifications

  • Experience supporting FedRAMP, DoD, DHS, or large civilian agency authorization programs.
  • Familiarity with E-Discovery platforms, FOIA workflows, privacy impact assessments (PIAs), and data governance frameworks.
  • Certifications such as CISSP, CISM, CRISC, PMP, or equivalent.
  • Experience integrating cybersecurity compliance into DevSecOps and cloud environments.
  • Active or ability to obtain a U.S. Government security clearance.


Core Competencies

  • Strategic leadership and practice development
  • Federal business development and client relationship management
  • Cybersecurity, privacy, and risk management expertise
  • Federal Contracts expertise
  • Federal Privacy regulations
  • Senior-level communication and stakeholder engagement
  • Operational discipline and delivery excellence
  • Innovation, automation, and continuous improvement mindset