Director, Facility Security Officer
Collibra · Washington, DC · 3 wk ago
RemoteRemoteManagement$184k–$230k/yrFull-time
About the role
The Director, Facility Security Officer (FSO) serves as the principal security advisor to the Government Security Committee (GSC) and the company's primary interface with the Defense Counterintelligence and Security Agency (DCSA) and other cognizant security authorities. This role is foundational within Collibra Public Sector LLC (CPS).
Responsibilities
- FOCI Compliance and Proxy Agreement Execution
- Serve as principal advisor to the GSC on all matters related to the PA compliance and any other applicable matters.
- Maintain and enforce all obligations under the approved PA and AOP, including visit controls, the Electronic Communications Plan, and the Technology Control Plan.
- Serve as the primary point of contact with DCSA for all matters related to facility clearances, annual compliance reporting, and all FOCI mitigation oversight.
- Review and approve all affiliate contacts, visits and communications between CPS and the parent company in accordance with the approved visit controls procedures.
- Develop and maintain a FOCI mitigation instrument (Security Control Agreement, Special Security Agreement, or equivalent) in coordination with outside counsel on FOCI mitigation matters and any open compliance questions.
- Establish and maintain all required DSS/DCSA-mandated records, plans, and programs.
- Administer personnel security clearance processing end-to-end via JPAS/DISS, including nominations, investigations, and visit certifications.
- Advise employees and managers on clearance eligibility, adjudicative guidelines, and ongoing reporting obligations.
- Maintain a current and accurate roster of cleared personnel and access authorizations.
- Lead Collibra's Insider Threat Program, including a multi-disciplinary hub and reporting mechanisms.
- Develop and deliver annual and ongoing security education and awareness training for cleared and uncleared personnel.
- Conduct self-inspection programs and prepare for DCSA facility reviews and annual compliance audits.
- Serve as a trusted advisor to the General Manager and the GSC senior leadership on all security and compliance matters related to the government business.
- Partner with independent legal counsel on export control compliance, including ITAR/EAR obligations as they intersect with CPS's products and services.
- Support contract compliance and bid activities requiring security documentation or clearance certifications.
- Cook up incident investigations involving potential unauthorized disclosure, fraud, or insider threat, and ensure prompt reporting to GSC and DCSA as required.
Requirements
- 8+ years of experience as a Facility Security Officer or in a substantially similar industrial security role within a cleared defense contractor environment.
- Deep working knowledge of the NISPOM (32 CFR Part 117), DAAPM/Risk Management Framework, and DCSA oversight processes.
- Demonstrated experience managing or supporting FOCI mitigation instruments (PA, Security Control Agreement (SCA), Special Security Agreement (SSA), or equivalent). Experience with proxy-agreement structures specifically is strongly preferred.
- Proficiency with JPAS, DISS, and eQIP/SF-86 processing.
- Active U.S. Government security clearance (Top Secret required); ability to obtain and maintain clearance at the level required for the role.
- Demonstrated ability to operate independently and to enforce compliance boundaries with affiliate and parent company personnel.
- Bachelor's degree in a related field, or equivalent combination of education and experience.
- Experience in a FOCI-mitigated environment at a commercial software or technology company, particularly one with active DSCA oversight.
- Demonstrated proficiency in leveraging AI tools (e.g., Claude, Gemini, ChatGPT, Copilot) to solve real-world business challenges, drive measurable outcomes, or streamline workflows.
- Familiarity with ITAR/EAR export control compliance as applied to software and SaaS products.
- Industrial Security Professional (ISP) or similar certification.
- Experience managing COMSEC accounts or working in a multi-facility environment.
Qualifications
- Comprehensive understanding of FOCI mitigation frameworks, including familiarity with applying Proxy Agreement or Security Control Agreement structures to day-to-day operational decisions.
- Proven ability to lead with credibility, enforcing compliance boundaries even when it creates friction with senior stakeholders or affiliate personnel.
- Self-directed and proactive, capable of owning a program end-to-end without a security team beneath you, proactively identifying gaps, drafting policies, and driving decisions without waiting for organizational scaffolding to be built around you.
- Deep fluency in FOCI mitigation frameworks, including experience managing visit controls, affiliate communications, and annual DCSA reporting obligations.
- A trusted cross-functional partner, able to work naturally alongside legal counsel, General Managers, and executive governance bodies like a GSC, translating dense regulatory requirements into clear guidance that non-security stakeholders can act on.
- Familiarity with applying export control frameworks to technology products, including understanding how ITAR and EAR obligations intersect with software or SaaS environments and partnering with counsel to ensure compliance without blocking the business from operating effectively.
Skills
- Comprehensive understanding of FOCI mitigation frameworks, including familiarity with applying Proxy Agreement or Security Control Agreement structures to day-to-day operational decisions.
- Proven ability to lead with credibility, enforcing compliance boundaries even when it creates friction with senior stakeholders or affiliate personnel.
- Self-directed and proactive, capable of owning a program end-to-end without a security team beneath you, proactively identifying gaps, drafting policies, and driving decisions without waiting for organizational scaffolding to be built around you.
- Deep fluency in FOCI mitigation frameworks, including experience managing visit controls, affiliate communications, and annual DCSA reporting obligations.
- A trusted cross-functional partner, able to work naturally alongside legal counsel, General Managers, and executive governance bodies like a GSC, translating dense regulatory requirements into clear guidance that non-security stakeholders can act on.
- Familiarity with applying export control frameworks to technology products, including understanding how ITAR and EAR obligations intersect with software or SaaS environments and partnering with counsel to ensure compliance without blocking the business from operating effectively.
Benefits
- Competitive total rewards package including bonus potential, equity for eligible roles, a Flex Fund monthly stipend, pension/401k plans, and more.
- Flexible benefits program designed to support diverse life events and circumstances.
- Equal opportunity employer committed to fostering a diverse and inclusive workplace.
Pay
The standard base salary range for this position is $184,000.00 - $230,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location.
Schedule
N/A