Director of Information Security & Risk Management

Job Description

Job Description

The Director of Information Security & Risk Management serves as Sigmatech's senior information security executive, reporting directly to the CAO. This role is responsible for leading the company's enterprise-wide cybersecurity program, protecting sensitive data, and ensuring ongoing compliance with federal regulations including DFARS 7012, NIST SP 800-171, and CMMC .

This position manages information security as a core business risk , balancing executive-level strategic leadership with hands-on operational oversight. The Director oversees all facets of the company's security program, advancing resilience, regulatory readiness, and competitive strength within the defense industrial base.

The enterprise information security program is structured across three core pillars:

• Governance, Risk & Compliance (GRC) - enterprise risk management, compliance oversight, executive advisory.
• Security Operations - monitoring, incident response, vulnerability management, business continuity.
• Security Architecture & Engineering - secure design, modernization, and continuous improvement of systems and networks.

Key Responsibilities

Governance, Risk & Compliance (GRC)

• Serve as the executive advisor on cybersecurity and compliance risks to the CEO and senior leadership.
• Ensure enterprise compliance with DFARS 7012, NIST SP 800-171, and CMMC requirements.
• Direct enterprise risk management activities, including risk registers, POAMs, and mitigation planning.
• Develop, implement, and enforce enterprise security policies, standards, and procedures.
• Represent the company during audits, assessments, and customer engagements as the accountable cybersecurity executive.

Security Operations

• Lead and oversee incident response, threat detection, and vulnerability management programs.
• Direct business continuity and disaster recovery planning and execution.
• Build and lead cross-functional security teams to ensure effective day-to-day operations.

Security Architecture & Engineering

• Provide executive guidance for secure system and network design, implementation, and continuous improvement.
• Ensure security is embedded into system architecture, application development, and modernization initiatives.
• Guide adoption of new technologies to balance business growth with risk reduction and resilience.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, or related field.
• One or more advanced certifications (e.g., CISSP, CISM, CISA, or equivalent).
• 10+ years of progressive experience in information security, with at least 5 years leading enterprise security programs.
• Active Secret clearance
• Demonstrated leadership in regulated environments (e.g., DoD, defense industrial base, DFARS/CMMC).
• Strong knowledge of risk management, compliance frameworks, and executive communication.
• Proven ability to navigate executive-level communication and organizational leadership.

Preferred Qualifications

• Master's degree in Cybersecurity, Information Assurance, or related field.
• Experience leading an organization through CMMC or NIST SP 800-171 DIBCAC preparation/assessments.
• Additional certifications such as CRISC, ISSMP, or CMMC Professional/Assessor credentials.
• Proven track record in building or maturing enterprise security programs.
• Strong knowledge of hybrid cloud and on-premises security in Microsoft 365 GCC High or similar environments.