• Director, Information Security

    Bowman (Reston, VA)


    Short Description

    Bowman has an opportunity for a Director, Information Technology to join our team in Reston, VA.

     

    At Bowman, we believe in creating opportunities for aspiring people to thrive and achieve ambitious goals. That’s why a career at Bowman is more than a job. It is an opportunity to be part of a diverse and engaged community of professionals, to be treated as a respected and valued member of a motivated team and to be empowered to do exceptional work that advances the best interest of everyone involved. We recognize the importance of creating a work environment that is both rewarding to our employees and supportive of our unwavering commitment to provide unparalleled service to our clients.

     

    Purpose

     

    The Director of Information Security leads the enterprise security function to protect information assets and manage risk across the organization. This position is responsible for strategic oversight and leadership across all major security domains, including endpoint security, vulnerability management, infrastructure security, cloud security, logging and detection, data protection, application security, GRC, and incident response. The Director will align security initiatives with business objectives, develop a robust security architecture, ensure regulatory compliance, and foster a culture of cybersecurity awareness. The role includes managing hands-on security professionals and scaling the team to meet evolving organizational needs.

    Responsibilities

    Leadership and Direction

    + Report to the CIO/CISO and contribute to executive-level decision making on security matters.

    + Provide strategic leadership over the information security function, including technical operations, GRC, and incident response.

    + Supervise a growing team of security professionals, with responsibility for hiring, performance management, training, and development.

    + Build and execute a multi-year information security roadmap aligned with business goals and evolving threat landscapes.

    At the Operational and Company Level

    + Collaborate with IT, Legal, HR, Marketing, Compliance, Product, and business units to implement practical, risk-based security controls and policies across the enterprise.

    + Serve as a subject matter expert on cybersecurity, advising stakeholders across the enterprise.

    + Communicate risk posture, security metrics and program maturity to executive leadership and governance bodies.

    Do the Work

    + Lead the design, implementation, and continuous improvement of secure enterprise architectures, ensuring protection of data, applications, and infrastructure.

    + Oversee technical security operations, including endpoint security (EDR/XDR & MDM), vulnerability management, logging and detection (SIEM, SOAR, threat intelligence, UEBA, CSPM/ASM), data protection (DLP, classification, encryption, backup and governance), application and DevSecOps (SAST/DAST, SBOM, secrets, API and container security), and cloud/infrastructure security (CWPP, IaC scanning, and hybrid/cloud hardening).

    + Develop and implement comprehensive GRC programs addressing risk management, compliance standards(e.g., NIST 800-171, CMMC, ISO, CIS), customer requirements, audit readiness, policy management, and vendor risk.

    + Direct incident response, conduct root cause analysis, and implement corrective actions.

    + Oversee business continuity and resilience initiatives such as DR automation, tabletop exercises, and cross-team crisis readiness.

    + Establish and maintain security metrics, KPIs, and reporting processes.

    + Develop and maintain the information security budget, ensuring strategic allocation of resources.

    + Stay informed of emerging threats, technologies, and regulatory changes to continuously improve security posture.

    + Support internal and external security audits and regulatory inquiries.

    + Oversee development and delivery of training and awareness programs to promote a security-conscious workforce.

    Success Metrics and Competencies

    + Strong leadership presence with the ability to influence at all levels of the organization.

    + Ability to effectively communicate with technical and non-technical audiences, including executive leadership.

    + High level of initiative and ownership over enterprise-scale programs.

    + Integrity and sound judgment when managing sensitive data and risks.

    + Commitment to continuous improvement and operational excellence.

    + Commitment to fostering a high-performing and inclusive team culture.

    + Ability to effectively communicate with all levels of the organization and external partners.

    + High degree of discretion and ability to manage highly confidential information.

    + Highly motivated and problem-solving attitude.

    + Strong sense of urgency in responding to constituents.

    + Effective verbal and written communication skills.

    + Strong work ethic and commitment to quality.

    + Self-reliance and ability to operate independently with limited direction.

    + Commitment to promoting the reputation of the company through quality of work.

    + Aspirations to grow professionally and advance within the company.

    + Effective working relationship with internal leaders and peers, as well as external clients.

    + Commitment to becoming a “citizen” of the broader organization, breaking down barriers and silos.

    + Commitment to working in partnership with others inside and outside the organization.

    + Ability to effectively manage multiple time-sensitive tasks.

    Qualifications

    + Minimum of fifteen (15) years of progressive IT experience, including at least six (6) years in information security roles.

    + Bachelor’s degree in computer science, cybersecurity, or related field required; advanced degree preferred.

    + One or more advanced security certifications required (e.g., CISSP, CISM, CISA, CCSP).

    + Proven experience building and leading security teams.

    + Strong knowledge of enterprise security architecture, security operations, GRC frameworks, and risk management.

    + Experience with Microsoft O365, Azure AD, virtual networks, firewalls, and modern security toolsets.

    + Familiarity with frameworks such as NIST CSF, ISO 27001, CIS Controls, CMMC.

     

    About Bowman

     

    Are you ready to build a career that makes a lasting impact? At Bowman, our people are at the center of everything we do. We’re committed to creating an environment where employees can thrive both personally and professionally, while helping to shape the infrastructure of tomorrow.

     

    A career at Bowman means being part of a collaborative, forward-thinking organization where innovation, inclusion, and growth are encouraged at every level. We offer competitive compensation, a supportive work environment, and benefits designed to help our employees succeed.

    Our comprehensive benefits package includes:

    + Medical, dental, vision, life, and disability insurance

    + 401(k) retirement savings plan with company match

    + Paid time off, sick leave, and paid holidays

    + Tuition reimbursement and professional development support

    + Discretionary bonuses and other performance-based incentives

    + Employee Assistance Program (EAP), wellness initiatives, and employee discounts

     

    Eligibility for certain benefits may vary based on position, location, and employment status.

    Physical Demands and Working Environment

    + Primarily indoor professional office environment which may includebright/dim light, noise, fumes, odors, and traffic.

    + Mobility around an office environment.

    + Frequent and prolonged use of standard office equipment such as computers, phones, photocopiers, etc.

    + Minimal travel required (approximately 10%).

    \#LI-BJ1

    Job Description Disclaimer

    Note: While this job description is intended to be an accurate reflection of the job requirements, it is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Management reserves the right to modify, add, or remove duties from particular jobs and to assign other duties as necessary at any time with or without notice.

     

    Bowman is proud to be an Equal Opportunity Employer committed to fostering a diverse and inclusive workplace where all employees feel valued and respected. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here (https://bowman.com/wp-content/uploads/2023/11/EEO-Policy-1.pdf) . If you’d like more information on your EEO rights under the law, please click here (https://www.dol.gov/general/topic/discrimination) .

     

    Bowman has an obligation to provide and maintain a safe, healthy, and productive environment for its employees and clients. We are committed to maintaining a drug and alcohol-free workplace.

     

    If you have any questions about the application process, please email [email protected] .

     

    Bowman is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please go here: https://bowman.com/wp-content/uploads/2023/11/EEO-Policy-1.pdf. If you’d like more information on your EEO rights under the law, please go here: https://www.dol.gov/general/topic/discrimination.