Discovery Architect (Compliance & Program Modernization) at Mythics – Virginia Beach, Virginia

As a federal government contractor and a recipient of federal funding, Mythics and Emergent is required to abide by the Drug-Free Workplace Act, which requires Mythics and Emergent to provide a drug-free workplace, among other obligations. As part of this effort, Mythics and Emergent requires pre-employment drug tests for all candidates for employment. Please note that marijuana (including medical marijuana) is designated as a controlled substance under federal law and will be screened for in the drug test.

Emergent, a subsidiary of Mythics, LLC, is an award-winning IT solutions provider and value-added reseller based in Virginia Beach, Virginia. Since 2006, Emergent has specialized in solving complex challenges and delivered best-of-class technology solutions to operations in all levels of government, education, and commercial organizations worldwide. At Emergent, we are looking for motivated people with the expertise and insight to tackle the toughest client issues.

Because at Emergent, YOU count! At Emergent, our Corporate Values are at the foundation of everything we do. Our values, Respect – Empathy – Excellence – Fun (REEF), have created an environment that fosters creative thinking, respects your contributions, and accepts nothing less than excellence in serving our customers. At Emergent, you will experience a truly enjoyable corporate culture.

Enjoy Tailored Benefits to Suit Your Needs with our Flexible Options. Our benefit options include:

• Comprehensive Health, Dental, and Vision plans
• Premier 401k retirement plan with corporate matching and a 529 college saving plan
• Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
• Legal Resources

Unlock Exclusive Benefits for Full-Time Employees:

• Generous work/life balance opportunities supported by a PTO bank, paid holidays, leave programs and additional flex time off
• Employee referral program
• Employee recognition, gift and reward program
• Tuition reimbursement for continuing education
• Remote or hybrid work options
• Engaging company events such as team building activities, annual awards and kick-off parties
• Health and wellness-focused activities
• Relaxation Spaces
• In-office gourmet coffee, tea, fresh fruit and healthy snacks
• Corporate GREEN approach – tracking energy consumption for reduction and purchasing only environmentally friendly products for our offices

Emergent, LLC is an equal opportunity employer. In accordance with applicable federal, state, and/or local law, all qualified applicants will receive consideration regardless of race, color, religion, national origin, sex, disability, sexual orientation, gender identity, age, marital status, medical condition, veteran status, or other factors protected by law. We offer equal opportunity in compensation, advancement opportunities, and all other terms and conditions of employment. As a federal government contractor, Emergent has developed and maintains a written Affirmative Action Program relating to individuals with disabilities and protected veterans, which sets forth the policies, practices and procedures to which the Company is committed in order to ensure that its policy of nondiscrimination and affirmative action for qualified individuals with disabilities and protected veterans is followed. For those unable to complete an online application, alternative methods are available by contacting accommodationrequests@mythics.com. For more information about Federal laws prohibiting job discrimination, please read Know Your Rights.

The Discovery Architect redefines how agencies approach security and compliance. This role serves as the technical and strategic authority for discovery-led compliance modernization, owning how regulatory intent is translated into provable, operational reality. This is a prestigious, hands-on “Architect-Doer” role, applying depth in frameworks such as NIST 800-53, NY DFS 500, VCDPA, CCPA to drive modernization across some of the most regulated environments in the world. The Discovery Architect leads high-velocity discovery efforts that establish a defensible system of record for compliance, risk, and asset intelligence, forming the backbone for audit readiness, funding justification, and long-term program resilience. The Discovery Architect requires a combination of technical architect, risk strategist, and program leadership to turn policy mandates into actionable, defensible architectures.

Duties and Responsibilities:

• Own the end-to-end lifecycle of the Compliance Readiness Lite engagement, from rapid discovery through ongoing posture oversight, serving as the single-threaded technical authority for accuracy, defensibility, and executive trust.
• Lead rapid, 48–72 hour “Readiness Lite” assessments, executing technical-first discovery that replaces interview-based assumptions with verifiable evidence.
• Perform read-only environment scans to automatically inventory assets, configurations, identities, and integrations, mapping them to applicable regulatory frameworks.
• Ensure asset and control inventories are complete, normalized, and audit-defensible across hybrid, cloud, SaaS, and third-party surfaces.
• Synthesize telemetry, configurations, and targeted interviews into data-driven proof of compliance or explicit identification of audit red zones and material weaknesses.
• Translate findings into Executive Gap Reports that prioritize corrective actions based on risk, blast radius, and audit exposure.
• Design compliance modernization pathways that convert control gaps into technically enforceable architectures rather than policy exceptions or compensating narratives.
• Sequence remediation to maximize defensibility under real audit conditions.
• Transition clients into a Compliance-as-a-Service (CaaS) model, providing ongoing configuration guidance, documentation standards, and Quarterly Business Reviews to sustain audit readiness and institutional continuity.
• Automate evidence collection and control tracking in Apptega (or similar GRC platforms), reclaiming up to 40% of analyst time while improving evidence quality and consistency.
• Develop Auditor Heat Maps that expose red zones, fragile controls, and dependency risks well before official audits or examinations. Continuously refine these heat maps based on regulatory trends and audit outcomes.
• Institutionalize compliance knowledge, evidence, and rationale within Apptega to prevent loss through staff turnover, contractor churn, or leadership transitions.
• Identify and control Shadow AI usage and Non-Human Identities (NHIs) that evade traditional GRC and audit processes, ensuring emerging technology risks are captured within formal compliance boundaries.
• Map compliance gaps and modernization needs to funding mechanisms such as SLTTP/SLCGP and the Technology Modernization Fund (TMF) to unlock capital for remediation and transformation.

Other Duties

• Perform all other duties, as assigned.

Minimum Requirements:

• Bachelor’s Degree in an IT-related field or equivalent work experience, required.
• 8 - 10 years of progressive experience in Cyber consulting, including demonstrated leadership of large-scale compliance, audit readiness, or regulatory modernization initiatives in highly regulated environments.

Knowledge / Skills / Abilities (KSAs):

• Deep understanding of NIST CSF 2.0, 800-53, 800-171, CMMC, and state privacy mandates including NY DFS, CCPA, and VCDPA.
• Ability to interpret regulatory intent and distinguish material control failures from low-risk deficiencies.
• Proficiency with Apptega (or similar automated GRC platforms) and experience interpreting data from discovery tools such as Purple Knight, BloodHound, and ZPA Discovery.
• Comfort validating tool output and defending methodology to auditors and regulators.
• Proven ability to map a missing security control directly to a technical implementation from trusted OEMs.
• Strong understanding of shared responsibility models and compensating control strategies.
• Hands-on fluency with a modern GRC platform (ideally Apptega) for multi-framework mapping, control tracking, and executive reporting.
• Comfort working with Active Directory/Entra ID and cloud discovery tooling (e.g., Purple Knight, BloodHound, Zscaler discovery, and CSP-native security services) to build accurate asset and control inventories.
• Ability to reason about identity, configuration drift, and control inheritance across complex environments.
• Ability to pull and join data via scripts and APIs and present it in clean executive visuals—particularly leveraging a Python and Power BI (or similar BI) workflow for repeatable scorecards, heat maps, and dashboards.
• Exceptional written and verbal communication skills, with the ability to translate complex automation concepts into executive-level and non-technical narratives
• A mindset oriented toward product thinking – treating automation as a long-lived platform rather than a one-time migration tool with strong DevOps hygiene (Git, PRs, CI) and change management discipline to ensure safe rollout at scale.