Director, IT Risk Compliance

The IT Risk Compliance Director shall provide on-demand cybersecurity staff augmentation services to support the Department in proactively identifying, analyzing, and mitigating cybersecurity risks across its enterprise environment. Services include, but are not limited to:

• Conduct comprehensive vulnerability assessments using industry-standard tools and methodologies
• Perform penetration testing using a structured approach, progressing from passive to active techniques
• Identify and analyze Indicators of Compromise (IOCs), unauthorized access attempts, and data exfiltration risks
• Detect and remediate misconfigurations and insecure network services
• Apply and interpret the Common Vulnerability Scoring System (CVSS) for risk prioritization
• Conduct threat hunting activities to detect active or persistent threats within enterprise environments
• Provide incident response support, including containment, eradication, and recovery recommendations

Required Qualifications

A bachelor’s or master’s degree from an accredited college or university in Computer Science, Information Systems, or a related field is required. Equivalent work experience (four (4) years) may be substituted on a year-for-year basis where applicable.

Required Experience, Skills, and Knowledge

• Demonstrated experience delivering cybersecurity services in large, complex enterprise environments, preferably within government or criminal justice agencies
• Proven track record in threat hunting, vulnerability assessments, penetration testing (internal and external), and incident response
• Experience supporting environments subject to Criminal Justice Information Services (CJIS) Security Policy requirements
• Ability to provide advisory services, including cybersecurity strategy, governance, risk, and compliance (GRC), and remediation planning
• Minimum of five (5) years of hands‑on cybersecurity experience in one or more of the following areas:
• Threat hunting and threat intelligence
• Penetration testing and ethical hacking
• Vulnerability management
• Incident response and digital forensics
• Demonstrated experience in both offensive security roles (e.g., red team, penetration testing) and defensive security roles (e.g., Security Operations Center (SOC), blue team, incident response)

Note

The selected candidate must successfully complete a Level II Background Check.

Preferred Qualifications

• Experience conducting red team and adversarial simulation exercises
• Ability to support cybersecurity roadmap development and maturity assessments
• Relevant industry certifications such as:
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• Global Information Assurance Certification (GIAC)
• Certified Information Security Manager (CISM)Certified Information Systems Auditor (CISA)
• Experience collaborating with client Managed Service Providers (MSPs) and internal IT teams