Chief Information Security Officer

General Dynamics Mission Systems•VA-Chantilly, VA

14d•$270,024 - $292,174

About The Position

The Chief Information Security Officer (CISO) is responsible for providing leadership and strategic vision across diverse teams that support global enterprise security initiatives. The CISO directs the overall planning and execution of enterprise security systems, using operational and tactical expertise to direct security management reports, who oversee cyber analysts, engineers and architects. As a business enabler, the CISO ensures business decisions are not hampered by security but adhere to corporate security policies and are implemented with security in mind. The CISO champions a flexible, highly adaptable and secure operating business environment. The CISO is expected to be a master communicator who is confident but humble, and capable of speaking effectively with other key executives. Additionally, the CISO must possess a strong security practitioner background and the ability to effectively collaborate with technical staff. The ideal CISO is a people person who focuses on building a synergistic team where employees are valued, challenged to achieve excellence, have autonomy and enjoy working for the company. Recruitment, career development and retention of cybersecurity staff are top priorities. As the leader of the information security program, the CISO establishes highly effective policies, corporate protocols and an open and collaborative team environment. The CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls to lead a team of security professionals through corporate obligations and defenses. The CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under his or her leadership. The CISO reports to the chief information officer (CIO).

Requirements

A Bachelor’s Degree with a minimum of 15 years’ of proven leadership experience in a related IT/Security field or other equivalent work experience.
At least 8 or more years’ experience leading a cyber-security team in the disciplines identified above.
Due to the nature of work performed within our facilities, U.S. citizenship is required.
High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
Ability to work effectively with a variety of personalities and adapt to effectively reach and develop the team.
Uses this skill as well as functional knowledge to both earn and maintain a high level of credibility with the team.
Ability to lead and motivate cross functional teams to achieve tactical and strategic goals.
Excellent understanding of relevant legal and regulatory compliance.
Excellent understanding of common information security management frameworks.
Excellent analytical, decision making and problems solving skills.
Excellent verbal and written communications skills including the ability to adapt to the audience and circumstance.
Excellent interpersonal skills with a proven track record of presenting to both executive level and technical level audiences.
Superior organizational ability to quickly understand and execute complex assignments with inherent risk.

Nice To Haves

CISSP, CISM, CISA or other similar credentials (in good standing) strongly preferred.

Responsibilities

Serve as advisor in the development, implementation and maintenance of a company-wide information security infrastructure that ensures that best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance within the context of the company's risk tolerance
Directs and provides a strategic risk management vision that scales globally to effectively secure the business.
Drives a strong security culture within the cybersecurity department, but also organization-wide across management and employees.
Influences internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect intellectual property and ensure compliance.
Is accountable for thorough enterprise cybersecurity policies, security technology architecture, protecting against emerging threats, and active monitoring and response objectives.
Oversee compliance with DFARS, CMMC, NIST SP 800-171, NIST SP 800-53 (RMF), NISPOM, and FedRAMP standards.
Manage enterprise risk assessments and oversee Plans of Action and Milestones (POA&Ms).
Oversee execution of approved information security projects and internal/external security audits and provide regular status reporting on progress of such projects
Works with the organization toward responsible use of artificial intelligence (AI) and machine learning (ML).
Optimizes and secures cloud infrastructure and applications required to support a dispersed remote workforce.
Manage security incidents and events to protect IT assets including intellectual property, regulated data and the company’s reputation.
Act as the primary control point during follow-up on significant information security incidents, oversee development of response plans and provide timely update reporting.
Understand potential and emerging information security threats, vulnerabilities and control techniques and work with peers and team members to respond appropriately.
Maintain reliable, up-to-date information from the government and across the industry regarding identification of new threats and vulnerabilities