Director of Cybersecurity, Governance, Risk and Compliance

Gross Mendelsohn, one of the Mid-Atlantic’s leading independent CPA and advisory firms, is seeking a strategic and technically strong Director of Cybersecurity Governance, Risk & Compliance (GRC) to build and lead our cybersecurity and IT risk advisory capabilities.

This is a visible, high-impact leadership role responsible for designing, implementing, and overseeing enterprise cybersecurity and IT compliance programs for both clients and the firm, particularly government contractors and organizations operating in regulated environments.

As cybersecurity requirements continue to intensify, this role will sit at the intersection of IT architecture, regulatory compliance, risk advisory, and executive leadership. The Director will help position Gross Mendelsohn as a trusted advisor in cybersecurity governance, CUI compliance, and federal regulatory readiness.

Recognized with nine Top Workplace awards, Gross Mendelsohn is committed to professional excellence, collaboration, and long-term growth. This opportunity offers leadership visibility, strategic influence, and the ability to build and expand a critical service line within a respected independent firm.

Key Responsibilities

Cybersecurity & IT Governance Leadership

  • Serve as the firm’s senior leader for cybersecurity governance, risk, and compliance advisory services

  • Design and oversee enterprise cybersecurity frameworks aligned with NIST CSF, NIST SP 800-171, NIST SP 800-53, ISO 27001, and related standards

  • Lead end-to-end CUI and federal compliance programs, including development and maintenance of System Security Plans (SSP) and Plans of Action & Milestones (POA&M)

  • Conduct NIST SP 800-171 gap assessments and develop prioritized remediation roadmaps

  • Support clients with DFARS 252.204-7012 compliance, SPRS scoring, and CMMC readiness initiatives

  • Prepare clients for audits, mock assessments, and government inquiries

IT Infrastructure & Security Oversight

  • Oversee implementation and validation of technical cybersecurity controls, including:

      • Multi-factor authentication

      • Encryption (data at rest and in transit)

      • Endpoint protection

      • Logging, SIEM, and continuous monitoring

      • Network segmentation

      • Secure configuration and hardening standards

  • Provide advisory oversight of secure cloud environments, including Microsoft GCC High, Azure Government, and AWS GovCloud

  • Establish identity and access management frameworks and privileged access controls

  • Evaluate backup, disaster recovery, and business continuity processes

  • Direct incident response strategy and regulatory reporting obligations

Supply Chain & Flow-Down Advisory

  • Advise prime contractors on subcontractor cybersecurity flow-down requirements

  • Assess subcontractor readiness and compliance risk exposure

  • Support documentation required for federal scrutiny

Training & Continuous Improvement

  • Develop and deliver CUI-specific and role-based cybersecurity training

  • Implement measurable security awareness initiatives, including phishing simulations

  • Lead annual program reviews and continuous improvement initiatives

  • Maintain compliance posture during infrastructure changes, acquisitions, or system transitions

Executive Advisory & Reporting

  • Prepare executive-level cybersecurity risk reports and board-ready briefings

  • Translate complex technical risk into actionable business guidance

  • Collaborate with firm leadership to expand cybersecurity service offerings

  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related field

  • 7–12+ years of progressive experience in cybersecurity, IT risk, compliance, or security architecture

  • Demonstrated experience leading CUI, DFARS, and NIST 800-171 compliance initiatives

  • Experience working within a government contractor or regulated environments strongly preferred

  • Experience with secure federal cloud platforms such as GCC High or GovCloud preferred

  • Professional certifications preferred: CISSP, CISM, CISA, ISO 27001 Lead Implementer, Security+, or equivalent

Required Skills and Competencies

Technical Expertise

  • Deep understanding of modern IT infrastructure, cloud security, and cybersecurity architecture

  • Strong working knowledge of NIST frameworks and federal cybersecurity regulations

  • Experience leading risk assessments and remediation programs

  • Strong documentation, audit-readiness, and control validation capabilities

Analytical Strength

  • Exceptional risk analysis and problem-solving skills

  • Ability to align cybersecurity controls with business processes

  • Strong systems thinking and governance design capability

Interpersonal & Professional Skills

  • Strong executive presence and communication skills

  • Ability to present complex cybersecurity risks clearly to non-technical audiences

  • Collaborative leadership style with the ability to build cross-functional relationships

  • Growth-oriented mindset with interest in expanding advisory capabilities

Additional Requirements

  • U.S. Citizenship required

  • Ability to travel up to 30% to client sites as needed

  • Proficiency in Microsoft Office and cybersecurity reporting tools

Why Join Gross Mendelsohn?

  • Lead and grow a high-impact cybersecurity advisory capability

  • Work directly with firm leadership in a visible strategic role

  • Contribute to modernization initiatives within a respected independent firm

  • Collaborative, growth-oriented culture

  • Competitive compensation and comprehensive benefits

  • Free parking at our Locust Point/McHenry Row office

  • Hybrid flexibility is available with approval

Work Environment

This role offers flexibility to work hybrid or fully remote; however, the Director of Cybersecurity will be expected to be present at client sites or in the office as business needs require, particularly for client delivery, team leadership, and strategic initiatives.

Physical Requirements

Ability to sit for extended periods, lift up to 20 pounds, and manage physical files and documentation as needed.

Join Us

If you are a strategic and execution-driven cybersecurity leader who thrives in a collaborative, growth-oriented professional services firm and is energized by building, scaling, and protecting a high-impact practice, we encourage you to apply.

Gross Mendelsohn is an equal opportunity employer committed to fostering a respectful and inclusive workplace.
