
GPS - Information Security Governance Leader - Associate Director

Ernst & Young Advisory Services Sdn Bhd, McLean, VA, United States


Location: McLean

Other locations: Anywhere in Region

Date: Apr 17, 2026

Requisition ID: 1702285

Overview

The Information Security Program safeguards classified information, controlled unclassified information (CUI), and other confidential data across EY’s and federal information systems. As Security Governance Leader, you will ensure that security requirements are appropriately applied to each system or environment.

Key Responsibilities

Communicate the value of security governance, risk, and compliance across all organizational stakeholders.

Prepare and present reports on security governance activities, risk assessments, and compliance status to the management team and relevant government authorities.

Foster strong relationships with key stakeholders, including government agencies, assessors, auditors, vendors, and internal teams.

Provide leadership and direction for cybersecurity awareness, basics, literacy, and training for staff and operations personnel commensurate with their responsibilities.

Lead and oversee the information security governance budget, staffing, and contracting.

Build, mentor, and lead a high‑performing team of data stewards, governance analysts, and data quality/lineage professionals.

Develop and implement a comprehensive governance framework for U.S. government security requirements.

Establish and enforce security policies, standards, guidelines, and procedures in accordance with government regulations (NIST, FISMA, FedRAMP, agency‑specific requirements).

Collaborate with cross‑functional teams to assess security risks, identify vulnerabilities, and propose remediation actions.

Conduct regular security risk assessments to identify potential threats and vulnerabilities impacting government security.

Collaborate with other information security and IT departments to ensure that security controls—people, processes, and technologies—are integrated into systems, networks, and applications.

Lead and oversee implementation of security controls, including network and systems monitoring, access controls, encryption, authentication, and user provisioning.

Stay up to date with the latest best practices, industry trends, and government security regulations to proactively maintain compliance.

Collaborate with external assessors and auditors during security audits and assessments.

Qualifications

Bachelor’s degree in information security, computer science, or related field.

7‑10+ years’ experience in information security with a focus on U.S. government security requirements and compliance.

3+ years of hands‑on NIST or CMMC assessor experience; NIST RMF‑based assessor experience with cloud‑based (AzureGov, AWS) architectures preferred.

Comprehensive understanding of U.S. government security regulations, standards, and frameworks (NIST SP 800‑53, NIST SP 800‑171, STIGs, Security Requirements Guides).

Experience developing and implementing security policies, standards, and procedures aligned with government requirements.

Proficiency in conducting security risk assessments, vulnerability assessments, and penetration testing methodologies.

Strong knowledge of security technologies (firewalls, intrusion detection/prevention systems, SIEM, secure coding practices).

Excellent communication skills, able to articulate complex security concepts to technical and non‑technical stakeholders.

Proven ability to lead, influence, and collaborate with cross‑functional teams.

Strong analytical and problem‑solving skills, capable of prioritizing tasks and managing multiple projects simultaneously.

Experience in incident response management and security investigations is a plus.

Ability to obtain and maintain a Top Secret security clearance.

Preferred Qualifications

Master’s degree.

Relevant certifications (CISSP, CISM, CISA, CCA) highly desirable.

Benefits and Compensation

Competitive base salary range: $152,700 to $294,000 (U.S. locales) and $183,300 to $334,100 in selected metro areas.

Medical, dental, pension, 401(k), and paid time off.

Hybrid work model: 40–60% onsite for client‑serving roles.

Flexible vacation policy, paid holidays, and special leave options.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities. If you have a disability and need assistance applying online or requesting accommodation during any part of the application process, please contact 1‑800‑EY‑HELP3 and select Option 2 for candidate‑related inquiries.
