Director, Public Sector GRC

Collibra Public Sector LLC (CPS) is a DCSA-cleared entity operating under an approved Proxy Agreement (PA) and Affiliated Operations Plan (AOP) as a FOCI-mitigated subsidiary.  The Director, Facility Security Officer (FSO) will serve as the principal security advisor to CPS’s Government Security Committee (GSC) and the company's primary interface with the Defense Counterintelligence and Security Agency (DCSA) and other cognizant security authorities. Additionally, the Director will be responsible for developing, implementing, and ensuring compliance with our Insider Threat Program and be the designated FSO and Insider Threat Security Officer (ITPSO).

This is a foundational leadership role within CPS.  The Director will own the ongoing execution and maturation of CPS’s policies in accordance with the National Industrial Security Program. The Director will ensure full compliance with the PA and AOP between CPS and the parent company.  The FSO reports to the CPS General Manager and operates under the oversight of the GSC. This role requires independence and a thorough understanding of the obligations that govern FOCI-mitigated entities, facility clearances, and personnel clearances.

• FOCI Compliance and Proxy Agreement Execution
• Serve as principal advisor to the GSC on all matters related to the PA compliance and any other applicable matters.
• Maintain and enforce all obligations under the approved PA and APO, including visit controls, the Electronic Communications Plan, and the Technology Control Plan.
• Serve as the primary point of contact with DCSA for all matters related to facility clearances, annual compliance reporting, and all FOCI mitigation oversight.
• Review and approve all affiliate contacts, visits and communications between CPS and the parent company in accordance with the approved visit controls procedures.
• Develop and maintain a FOCI mitigation instrument (Security Control Agreement, Special Security Agreement, or equivalent) in coordination with outside counsel on FOCI mitigation matters and any open compliance questions.
• Establish and maintain all required DSS/DCSA-mandated records, plans, and programs.

• Administer personnel security clearance processing end-to-end via JPAS/DISS, including nominations, investigations, and visit certifications.
• Advise employees and managers on clearance eligibility, adjudicative guidelines, and ongoing reporting obligations.
• Maintain a current and accurate roster of cleared personnel and access authorizations.

• Lead Collibra's Insider Threat Program, including a multi-disciplinary hub and reporting mechanisms.
• Develop and deliver annual and ongoing security education and awareness training for cleared and uncleared personnel.
• Conduct self-inspection programs and prepare for DCSA facility reviews and annual compliance audits.

• Serve as a trusted advisor to the General Manager and the GSC senior leadership on all security and compliance matters related to the government business.
• Partner with independent legal counsel on export control compliance, including ITAR/EAR obligations as they intersect with CPSs products and services.
• Support contract compliance and bid activities requiring security documentation or clearance certifications.
• Coordinate incident investigations involving potential unauthorized disclosure, fraud, or insider threat, and ensure prompt reporting to GSC and DCSA as required.

• 8+ years of experience as a Facility Security Officer or in a substantially similar industrial security role within a cleared defense contractor environment.
• Deep working knowledge of the NISPOM (32 CFR Part 117), DAAPM/Risk Management Framework, and DCSA oversight processes.
• Demonstrated experience managing or supporting FOCI mitigation instruments (PA, Security Control Agreement (SCA), Special Security Agreement (SSA), or equivalent). Experience with proxy-agreement structures specifically is strongly preferred.
• Proficiency with JPAS, DISS, and eQIP/SF-86 processing.
• Active U.S. Government security clearance (Top Secret required); ability to obtain and maintain clearance at the level required for the role.
• Demonstrated ability to operate independently and to enforce compliance boundaries with affiliate and parent company personnel. This role requires someone who is genuinely comfortable saying no when the rules require it.
• Bachelor's degree in a related field, or equivalent combination of education and experience.
• Experience in a FOCI-mitigated environment at a commercial software or technology company, particularly one with active DSCA oversight. 
• Demonstrated proficiency in leveraging AI tools (e.g., Claude, Gemini, ChatGPT, Copilot) to solve real-world business challenges, drive measurable outcomes, or streamline workflows.
• Familiarity with ITAR/EAR export control compliance as applied to software and SaaS products.
• Industrial Security Professional (ISP) or similar certification.
• Experience managing COMSEC accounts or working in a multi-facility environment.

• A compliance enforcer who leads with credibility, you've built a reputation for holding firm on security boundaries, even when it creates friction with senior stakeholders or affiliate personnel, and you do so with professionalism and clear regulatory grounding.
• Independently operating and self-directing, you're comfortable owning a program end-to-end without a security team beneath you, proactively identifying gaps, drafting policies, and driving decisions without waiting for organizational scaffolding to be built around you.
• Deeply fluent in FOCI mitigation frameworks, you're familiar with applying Proxy Agreement or Security Control Agreement structures to day-to-day operational decisions, including managing visit controls, affiliate communications, and annual DCSA reporting obligations.
• A trusted cross-functional partner, you work naturally alongside legal counsel, General Managers, and executive governance bodies like a GSC, translating dense regulatory requirements into clear guidance that non-security stakeholders can act on.
• Familiar with applying export control frameworks to technology products, you understand how ITAR and EAR obligations intersect with software or SaaS environments and can partner with counsel to ensure compliance without blocking the business from operating effectively.

• Within your first month, you will immerse yourself in CPS's existing Proxy Agreement, Affiliated Operations Plan, and all DCSA-mandated records, establish relationships with the Government Security Committee and key stakeholders, and conduct a comprehensive gap assessment of current FOCI compliance posture and personnel security rosters.
• Within your third month, you will take full ownership of DCSA communications and annual compliance reporting, implement or strengthen visit controls and the Electronic Communications and Technology Control Plans, and launch a refreshed security education and awareness training program for cleared and uncleared personnel.
• Within your sixth month, you will have matured the Insider Threat Program into a fully operational multi-disciplinary hub with established reporting mechanisms, completed a self-inspection cycle in preparation for DCSA facility reviews, and embedded yourself as a trusted advisor to the GSC on all security, ITAR/EAR, and FOCI mitigation matters, setting the long-term compliance foundation for CPS's growth in the public sector.