Chief Information Security Office (CISO)

About The Position

Requirements

• 10+ years of experience in cybersecurity, with leadership roles in CISO, Deputy CISO, or Head of Security positions.
• Experience supporting defense, aerospace, or government contracting environments.
• Strong knowledge of NIST SP 800-171, CMMC, DFARS, CUI, and FCI requirements.
• Experience with cloud security architecture (AWS, Azure, GovCloud) and SaaS environments.
• Background in product security, including secure SDLC, application security, and threat modeling.
• Experience with compliance frameworks such as NIST SP 800-53 and FedRAMP (or FedRAMP-aligned environments).
• Demonstrated success leading audits, assessments, and compliance programs (SSPs, POA&Ms, evidence management).
• Hands-on experience with security operations, including monitoring, detection, vulnerability management, and endpoint security.
• Experience leading incident response efforts and executive-level crisis communication.
• Strong understanding of vendor risk management and supply chain security practices.
• Ability to translate technical cyber risk into business and mission impact.
• Excellent cross-functional collaboration skills across Engineering, Product, Legal, Operations, and Executive Leadership.

Nice To Haves

• Experience leading a company through CMMC Level 2 certification.
• Experience supporting FedRAMP Moderate/High or agency ATO processes.
• Background securing mission-critical or operational technology (OT) systems, including distributed infrastructure or sensor networks.
• Familiarity with space operations, satellite systems, or ground-based mission environments.
• Active or prior U.S. security clearance.
• Experience briefing boards, investors, and government customers.
• Proven ability to build scalable security programs in high-growth companies.

Responsibilities

• Own and execute Slingshot’s cybersecurity strategy across enterprise, product, and operational environments.
• Lead readiness and implementation for CMMC, NIST SP 800-171, DFARS, and related government cybersecurity requirements.
• Establish and scale secure software development lifecycle (SDLC), application security, and DevSecOps practices.
• Design and oversee cloud security architecture across AWS/Azure/GovCloud environments.
• Drive audit readiness, including System Security Plans (SSPs), POA&Ms, and continuous monitoring programs.
• Partner with Product and Engineering to embed security into development without slowing delivery velocity.
• Build and operate security monitoring, detection, vulnerability management, and incident response capabilities.
• Lead executive-level incident response, including customer communication and regulatory reporting.
• Develop and enforce identity, access management, data protection, and logging strategies across systems.
• Oversee third-party/vendor risk management and supply chain security, including flowdown requirements.
• Partner with the Facility Security Officer (FSO) on classified programs, insider threat initiatives, and industrial security requirements.
• Ensure secure handling of CUI/FCI and readiness for customer audits and security questionnaires.
• Define and communicate cyber risk to executive leadership, board members, and customers.
• Support business development by enabling compliance required to win and execute government contracts.
• Build and scale a lean, high-performing security team aligned to company growth.

Benefits

• Equity, Diversity & Inclusion are key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, and backgrounds, who share a passion for creating a safer, more connected world. Diversity not only includes race and gender identity, but also national origin, citizenship, sex, color, veteran status, disability, genetic information, or any other protected characteristic that is part of one’s identity. All of our employees’ points of view are key to our success, and we embrace individuality.