Chief Information Security Officer (CISO)

About The Position

Requirements

• Bachelor’s degree from an accredited college or university required, Master’s degree in Cybersecurity, Information Technology, Business Administration, or related field preferred
• Minimum of 10+ years of progressive experience in Cybersecurity, Information Security, IT Operations, or related technical/administrative disciplines within complex enterprise environments
• At least 4+ years of demonstrated leadership experience managing high-performing teams of 20+ security professionals, including exempt employees, technical leaders, and outsourced Security Operations Center (SOC) resources
• Ability to obtain and maintain a TS/SCI security clearance is required; U.S. Citizenship required
• Industry-recognized security certifications such as Certified Information Systems Security Professional (CISSP) strongly preferred; additional certifications such as CISM, CISA, or Security+ are a plus
• Proven track record of successfully leading enterprise Cybersecurity programs and Security Operations Centers (SOC), including incident response, threat detection, vulnerability management, and continuous monitoring initiatives
• Extensive knowledge of Cybersecurity technologies, frameworks, architectures, and operational best practices across cloud, network, endpoint, identity, and data security domains
• Deep understanding of Defense Industrial Base (DIB) security and compliance requirements, including ITAR, DFARS, NIST 800-171, NIST 800-53, CNSSI 1253, CMMC, ISO 27001, and AS9100 compliance frameworks
• Demonstrated experience interpreting, reviewing, and negotiating contractual security and compliance requirements, including identifying risk exposure and recommending favorable contract redlines when appropriate
• Strong understanding of third-party/vendor risk management lifecycle processes, including sourcing, procurement, onboarding, governance, compliance monitoring, and vendor relationship management
• Financial and operational acumen with experience evaluating business cases, budgeting, depreciation schedules, capitalization strategies, return on investment (ROI), and total cost of ownership (TCO) analyses
• Proven ability to recruit, mentor, develop, and retain high-performing teams while fostering a culture of accountability, collaboration, and continuous improvement
• Executive-level communication and presentation skills with the ability to effectively engage internal leadership, customers, auditors, regulatory bodies, and external vendor partners
• Strong interpersonal and stakeholder management skills with the ability to influence cross-functional teams, build strategic partnerships, and drive alignment across organizational priorities
• Exceptional analytical and problem-solving capabilities with the ability to balance technical risk, operational efficiency, compliance obligations, and business objectives in a fast-paced environment
• Demonstrated ability to lead through change, manage competing priorities, and deliver measurable business outcomes through collaboration with internal and external stakeholders

Nice To Haves

• Prior experience in the Aerospace & Defense industry.
• Thorough understanding of Cybersecurity requirements including, but not limited to DFARS 252.204-7012 and NIST 800-171, CNSSI 1253 and NIST 800-53, CMMC 2.0, ISO 27001, AS9100
• Prior experience leading through Cybersecurity audits and responding to findings with appropriate plans of action.
• Prior experience leading Cybersecurity Incident Management.
• Prior experience developing Cybersecurity KPIs and Metrics.
• Executive presentation skills.
• Prior experience creating and implementing strategic plans and roadmaps.
• Prior experience managing $10M+ annual budgets.

Responsibilities

• Leadership of the IT Cyber Security Team and Security Operations Center (SOC) including both ULA employees and service providers.
• Overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data.
• Maintain compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.
• Review and analyze contracts for security & compliance implications and make favorable redlines, as appropriate and necessary.
• Use the Risk Management Framework principles to implement security and compliance controls while enabling organizational agility and execution.
• Ensure the Security of United Launch Alliance Data, Systems and overall IT Enterprise Architecture through the implementation and management of Leading Information Security Controls, Industry Best-Practices, Advanced Monitoring and Analysis Solutions, Advanced Threat Management Solutions, Intrusion Detection and Prevention Systems, Risk Management.
• Develop and execute a robust and innovative Information Security Strategy and multi-year roadmap leveraging advances in Cyber Security technologies and capabilities, state-of-the-art secure operating systems, networks, applications, and database products.
• Business Process Development, Documentation of IT Policies and Procedures, and Integration of the IT Security value stream across the enterprise.
• Ensure a high level of system and data integrity through in-depth monitoring, event analysis, immediate incident response and rapid recovery.
• Manage ULA Access Control, support ULA Legal and the Office of Internal Governance with investigations. Manage cyber incidents & vulnerabilities to resolution resulting from vulnerability scanning and Advanced Persistent Threat notifications.
• Partner with other IT teams including IT Infrastructure, IT Project Management Office, IT Vendor Management Office, IT Applications, and other business units such as Engineering and Launch to implement appropriate IT security and compliance controls while enabling successful execution of IT projects and meeting project schedules.
• Serve as a voting member of the IT Change Management Board and IT Architecture Board.
• Assess organizational impacts and develop risk mitigation strategies. Incorporate organizational change initiatives into plans to increase acceptance and improve results.
• Utilize approval processes to validate the investment value for IT projects.
• Drive Enhanced Security Initiative projects to closure.
• Conducts risk assessment and provides recommendations for application design.
• Prepare security reports to regulatory agencies.

Benefits

• 401(k) match plus an additional employer contribution
• Discretionary annual incentive bonus for eligible employees
• Generous paid time off
• Flexible work environments