Chief Information Security Officer
Posted 2 hours ago
Hybrid
Responsibilities
- Develop and execute the enterprise-wide information security strategy, overseeing risk management, governance, compliance, and threat mitigation to protect highly sensitive data, intellectual property, customer environments, and Mission Hero infrastructure.
- Represent Defense Unicorns' security posture in customer-facing engagements, contract negotiations, government interactions, and partnership discussions.
- Foster a collaborative, mission-first security culture, one that empowers Unicorns to move fast while minimizing risk to the business and our customers.
- Own and execute on a strategy for responsible, cross-cutting AI usage in all functions which enables Unicorns while maintaining a verifiable information security posture.
Application Security
- Build and scale defensive security tooling that enables teams to shift left and safeguard themselves and their work products from emergent threats, including software supply chain security, advanced security hunting, and advanced foreign actors.
- Lead cross-functional efforts to safeguard production infrastructure, cloud platforms, and mission-critical systems against advanced cyber threats, ensuring resilience, regulatory adherence, and alignment with strategic business objectives.
- Build and lead a high-performing security engineering function responsible for securing Defense Unicorns' production environments and customer-facing platforms, including architecture, hardening, threat detection, and defensive controls across cloud, hybrid, and on-premise infrastructure.
- Champion automation of security processes to reduce mean time to detection and containment, and drive continuous improvement across security operations.
- Own the enterprise Governance, Risk, and Compliance (GRC) framework, setting policy standards, defining residual risk thresholds, and ensuring accountability across organizational units.
- Oversee the third-party risk management (TPRM) program and supply chain risk management aligned to NIST SP 800-161, providing final approval authority on technology investments with compliance implications.
- Report on cyber risk posture, program health, and compliance status to senior leadership on a regular cadence.
Culture, Awareness & Communication
- Build and sustain a security-aware culture across the organization, one that treats security as mission-enabling, not mission-blocking.
- Lead enterprise security awareness and training programs, ensuring all Unicorns and contractors understand their role in maintaining the company's security posture.