Chief Information Security Officer
About The Position
The Chief Information Security Officer (CISO) is responsible for establishing and leading the enterprise-wide strategy, vision, and program for information security. This role ensures the confidentiality, integrity, and availability of digital assets, data, and IT infrastructure by proactively assessing threats, setting strategic direction, and implementing robust security frameworks. The CISO manages cybersecurity risk, compliance, and incident response, ensuring the company adheres to laws, regulations, and internal policies, particularly those related to the Cybersecurity Maturity Model Certification (CMMC). This includes identifying risks, training staff, overseeing audits, preventing misconduct, protecting the firm's reputation, and promoting ethical operations.
Requirements
- Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field.
- 10+ years in information security.
- At least 5 years in a senior leadership role.
- Strong ability to interact with regulatory bodies, auditors, and senior government contracting officers.
Nice To Haves
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- CMMC Registered Practitioner (RP) or Provisional Assessor (PA)
- Certified Chief Information Security Officer (CCISO)
- Experience in the maritime, shipping, or critical infrastructure sector.
Responsibilities
- Develop, implement, and maintain a comprehensive, risk-based information security strategy and roadmap aligned with a cybersecurity program that protects both the IT infrastructure and systems.
- Serve as the primary authority on CMMC (Cybersecurity Maturity Model Certification) readiness and compliance (NIST SP 800-171/800-172). Ensure compliance with the Maritime Transportation Security Act (MTSA), USCG Cybersecurity Final Rule, and International Maritime Organization (IMO) guidelines.
- Oversee security architecture, designing and implementing security controls, policies, and technologies (firewalls, SIEM, IDS/IPS, encryption) to identify, prioritize, and mitigate cybersecurity risks across the entire supply chain.
- Lead incident response teams, overseeing detection, mitigation, and recovery from security incidents.
- Ensure adherence to industry regulations and internal policies, collaborating with legal, compliance, and external auditors.
- Evaluate security practices of vendors, partners, and subcontractors to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
- Regularly report on the organization’s security posture, metrics, and risk management initiatives to the CEO and Board of Directors (if applicable).
- Build a strong security culture by developing employee security awareness by providing role-based training program to employees.
- Manage the security budget, allocating resources efficiently for maximum protection against emerging threats.
Benefits
- 401 (k)
- Group Health & Dental Plan
- Short- & Long-Term Disability Insurance
- Life & Voluntary Life Insurance
- Holiday & Vacation Pay
- Employee Assistance Program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
