The Senior Cybersecurity and Compliance Director is a senior level role responsible for establishing, managing, and continuously improving the company’s internal information security, cybersecurity compliance, and risk management programs. This leadership role ensures the organization meets all obligations associated with supporting state and local government clients, federal civilian agencies, and DoD contractors, including compliance with NIST SP 800-171, CMMC, ISO/IEC 27001:2022, and PCI-DSS (as required). Reporting directly to the General Counsel, the Senior Cybersecurity and Compliance Director drives internal cybersecurity governance, oversees enterprise risk decisions, ensures regulatory and contractual compliance, and serves as the final authority over all internal security controls, policies, security operations, and incident response.

Responsibilities and Essential Duties

Enterprise Security Leadership

• Develop and execute a corporate cybersecurity strategy aligned with business objectives, risk appetite, regulatory requirements, and government contracting obligations.
• Lead the internal security function, including security engineering, security operations, governance, and privacy alignment.
• Advise the General Counsel and executive leadership team on cyber risk, compliance exposure, and major security decisions.
• Provide regular reporting to executive leadership, the CEO, and the Board on security posture, risks, incidents, and compliance programs.

Internal Cybersecurity Governance & Compliance

• Responsible for corporate compliance with all government and industry cybersecurity frameworks:
• NIST SP 800-171
• CMMC (current and emerging versions)
• DFARS 252.204-7012 obligations
• FAR & agency-specific security clauses for civilian agency support
• State and local government IT security requirements
• ISO/IEC 27001:2022
• PCI-DSS (as applicable)
• Oversee the internal Information Security Management System (ISMS) and maintain certification readiness.
• Lead internal audits, evidence collection, POA&M management, and continuous monitoring.
• Maintain a current System Security Plan (SSP), risk register, and compliance documentation library.
• Ensure all contractual cybersecurity clauses and flow-downs are properly implemented across the organization.

Security Operations & Engineering

• Lead enterprise security operations, including vulnerability scanning and remediation, endpoint and mobile device security, network and cloud security (Azure/AWS/O365, etc.), identity and access management (IAM/MFA/privileged access) and SIEM, logging, and monitoring.
• Oversee the enterprise’s incident detection and response program, including tabletop exercises, escalation procedures, after-action reporting, and legally mandated notifications.
• Ensure secure design and implementation of all internal IT systems, SaaS platforms, and corporate infrastructures.

Risk Management

• Own and manage the corporate cybersecurity risk management program.
• Conduct and oversee periodic risk assessments and ensure appropriate risk treatment decisions.
• Present risk acceptance or mitigation recommendations to the General Counsel and executive team.
• Ensure cybersecurity is fully integrated with enterprise risk, legal review, and corporate governance processes.

Collaboration with Legal & Corporate Stakeholders

• Work closely with the General Counsel on regulatory compliance, contract reviews incident response coordination, data protection and privacy obligations and government security clauses and reporting.
• Collaborate with Finance, HR, IT, Sales, and Operations to embed security into enterprise processes, onboarding/offboarding, procurement, and solution development.
• Support Sales and Contracts on internal security representations (e.g., RFP responses, vendor security reviews).

Vendor & Third-Party Risk Management

• Oversee third-party risk assessments, due diligence, contract security language, and ongoing monitoring.
• Ensure that subcontractors, SaaS applications, cloud services, and strategic partners meet internal and client-imposed security requirements.
• Maintain and enforce vendor security policies and security addenda.

• Bachelor’s degree in cybersecurity, information technology, business, or related discipline; Master’s preferred and/or equivalent work experience.
• 10+ years of experience in cybersecurity and information security roles.
• 5+ years in senior leadership or CISO-level capacity.
• Direct experience managing internal cybersecurity programs within a government contracting, technology, or professional services organization.

Knowledge/Skills/Abilities

• Expert-level knowledge of NIST SP 800-171, CMMC, ISO/IEC 27001:2022, DFARS, FAR, and federal agency cybersecurity requirements, state and local government security expectations, and PCI-DSS (where applicable).
• Proven ability to lead internal incident response, risk management, and enterprise GRC programs.
• Senior leader-level communication and ability to articulate cybersecurity risk to legal, operational, and business leaders.
• Strong decision making, judgment, and ability to prioritize risk in a business-focused environment.
• Integrity, confidentiality, and composure in handling sensitive or high-impact matters.
• Deep understanding of federal, state, and local government contracting cybersecurity requirements.

Preferred Certifications

• CISSP, CISM, CRISC or CGEIT, PCI ISA/QSA experience beneficial

As a federal government contractor and a recipient of federal funding, Mythics and Emergent is required to abide by the Drug-Free Workplace Act, which requires Mythics and Emergent to provide a drug-free workplace, among other obligations.  As part of this effort, Mythics and Emergent requires pre-employment drug tests for all candidates for employment.  Please note that marijuana (including medical marijuana) is designated as a controlled substance under federal law and will be screened for in the drug test.

Why work at Mythics?

Because at Mythics, YOU count! At Mythics, our Corporate Values are at the foundation of everything we do. Our values, Respect – Empathy – Excellence – Fun (REEF), have created an environment that fosters creative thinking, respects your contributions, and accepts nothing less than excellence in serving our customers.  At Mythics, you will experience a truly enjoyable corporate culture. But don’t just take our word for it! 

Enjoy Tailored Benefits to Suit Your Needs with our Flexible Options. Our benefit options include:  

• Comprehensive Health, Dental, and Vision plans 
• Premier 401k retirement plan with corporate matching and a 529 college saving plan
• Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
• Legal Resources

 Unlock Exclusive Benefits for Full-Time Employees: 

• Generous work/life balance opportunities supported by a PTO bank, paid holidays, leave programs and additional flex time off
• Employee referral program
• Employee recognition, gift and reward program 
• Tuition reimbursement for continuing education
• Remote or hybrid work options
• Engaging company events such as team building activities, annual awards and kick-off parties
• Health and wellness-focused activities
• Relaxation Spaces
• In-office gourmet coffee, tea, fresh fruit and healthy snacks
• Corporate GREEN approach – tracking energy consumption for reduction and purchasing only environmentally friendly products for our offices

Founded in 2000, Mythics is an award-winning Oracle systems integrator, consulting firm, managed services provider and elite Oracle platinum resale partner. Our business model is all about deep knowledge of Oracle technologies and business processes. We offer procurement and Oracle systems integration expertise across the full range of Oracle cloud, software, support, hardware, engineered systems, and appliances.  It’s a focus that gives us the critical business experience and the Oracle technology advantage you need to succeed.

Mythics, LLC is an equal opportunity employer. In accordance with applicable federal, state, and/or local law, all qualified applicants will receive consideration regardless of race, color, religion, national origin, sex, disability, sexual orientation, gender identity, age, marital status, medical condition, veteran status, or other factors protected by law. We offer equal opportunity in compensation, advancement opportunities, and all other terms and conditions of employment. As a federal government contractor, Mythics has developed and maintains a written Affirmative Action Program relating to individuals with disabilities and protected veterans, which sets forth the policies, practices and procedures to which the Company is committed in order to ensure that its policy of nondiscrimination and affirmative action for qualified individuals with disabilities and protected veterans is followed. For those unable to complete an online application, alternative methods are available by contacting accommodationrequests@mythics.com. For more information about Federal laws prohibiting job discrimination, please read Know Your Rights.